# Flog Txt Version 1 # Analyzer Version: 2023.1.0 # Analyzer Build Date: Jan 31 2023 05:27:17 # Log Creation Date: 23.02.2023 16:59:19.703 Process: id = "1" image_name = "jhafdvir.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\jhafdvir.exe" page_root = "0x366a9000" os_pid = "0x131c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x778" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 118 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 119 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 120 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 121 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 122 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 123 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 124 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 125 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 126 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 127 start_va = 0x7ff75cec0000 end_va = 0x7ff75cee7fff monitored = 1 entry_point = 0x7ff75cec1e8c region_type = mapped_file name = "jhafdvir.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jhafdvir.exe") Region: id = 128 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 267 start_va = 0x400000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 268 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 269 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 270 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 271 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 272 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 273 start_va = 0x5a0000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 274 start_va = 0x7ff8fec10000 end_va = 0x7ff8fec88fff monitored = 0 entry_point = 0x7ff8fec2fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 275 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 276 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 277 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 278 start_va = 0x6a0000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 279 start_va = 0x7ff9024a0000 end_va = 0x7ff9039fefff monitored = 0 entry_point = 0x7ff9026011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 283 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 284 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 285 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 286 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 287 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 288 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 289 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 290 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 291 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 292 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 293 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 294 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 295 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 296 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 297 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 298 start_va = 0x180000 end_va = 0x1b8fff monitored = 0 entry_point = 0x1812f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 299 start_va = 0x7a0000 end_va = 0x927fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 300 start_va = 0x7ff901e30000 end_va = 0x7ff901e6afff monitored = 0 entry_point = 0x7ff901e312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 301 start_va = 0x930000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000930000" filename = "" Region: id = 302 start_va = 0xac0000 end_va = 0x1ebffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ac0000" filename = "" Region: id = 303 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 304 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 305 start_va = 0x4c0000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 306 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 307 start_va = 0x1ec0000 end_va = 0x1f7ffff monitored = 0 entry_point = 0x1ee0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 308 start_va = 0x7ff8f7df0000 end_va = 0x7ff8f7e3bfff monitored = 1 entry_point = 0x7ff8f7e3ab70 region_type = mapped_file name = "bucbja.dll" filename = "\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bucbja.dll") Region: id = 309 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1456 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1457 start_va = 0x1c0000 end_va = 0x1dbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1458 start_va = 0x1e0000 end_va = 0x1eefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1459 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1460 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1461 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1463 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1464 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1465 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1466 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1467 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1468 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1469 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1470 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1471 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1472 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1473 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1474 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1475 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1476 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1477 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1478 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1479 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1480 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1481 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1482 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1483 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1484 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1485 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1486 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1487 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1488 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1489 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1490 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1491 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1492 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1493 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1494 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1495 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1496 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1497 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1498 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1499 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1500 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1501 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1502 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1504 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1506 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1512 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1513 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1514 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1515 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1516 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1517 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1518 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1519 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1520 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1521 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1522 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1523 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1524 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1525 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1526 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1527 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1528 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1529 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1530 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1531 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1532 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1533 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1534 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1535 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1536 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1537 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1538 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1539 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1540 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1541 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1542 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1543 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1544 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1545 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1546 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1547 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1548 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1549 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1550 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1551 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1552 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1553 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1554 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1555 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1556 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1557 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1760 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1761 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1762 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1763 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1764 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1765 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1766 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1767 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1768 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1769 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1770 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1771 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1772 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1773 start_va = 0x1c0000 end_va = 0x1cefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1786 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1787 start_va = 0x1c0000 end_va = 0x1dbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1788 start_va = 0x1e0000 end_va = 0x1e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1789 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1790 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1791 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1792 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1793 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1794 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1795 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1796 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1797 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1798 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1799 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1800 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1801 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1802 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1803 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1804 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1805 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1806 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1807 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1808 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1809 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1810 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1811 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1812 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1813 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1814 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1815 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1816 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1817 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1818 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1819 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1820 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1821 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1822 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1823 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1824 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1825 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1826 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1827 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1828 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1829 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1830 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1831 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1832 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1833 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1834 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1835 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1836 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1837 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1838 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1839 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1840 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1841 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1842 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1843 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1844 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1845 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1846 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1847 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1848 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1849 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1850 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1851 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1852 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1853 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1854 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1855 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1859 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1860 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1861 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1862 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1863 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1864 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1865 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1866 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1867 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1868 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1869 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1870 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1871 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1872 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1873 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1874 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1875 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1876 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1877 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1878 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1879 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1880 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1881 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1882 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1883 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1884 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1885 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1886 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1887 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1888 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1889 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1890 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1891 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1892 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1893 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1894 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1895 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1896 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1897 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1898 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1899 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1900 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1901 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1902 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1903 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1904 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1905 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1906 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1907 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1908 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1909 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1910 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1911 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1912 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1913 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1914 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1915 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1916 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1917 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1918 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1919 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1920 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1921 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1922 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1923 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1924 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1925 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1926 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1927 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1928 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1929 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1930 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1931 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1932 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1933 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1934 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1935 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1936 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1937 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1938 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1939 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1940 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1941 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1942 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1943 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1944 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1945 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1946 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1947 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1948 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1949 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1950 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1951 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1952 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1953 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1954 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1955 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1956 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1957 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1958 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1959 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1960 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1961 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1962 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1963 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1964 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1965 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1966 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1967 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1968 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1969 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1970 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1971 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1972 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1973 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1974 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1975 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1976 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1977 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1978 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1979 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1980 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1981 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1982 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1983 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1984 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1985 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1986 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1987 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1988 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1989 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1990 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1991 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1992 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1993 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1994 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1995 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1996 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1997 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1998 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2009 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2010 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2011 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2012 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2013 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2014 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2015 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2016 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2017 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2018 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2019 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2020 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2021 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2022 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2023 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2024 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2025 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2026 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2027 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2028 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2029 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2030 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2031 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2032 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2033 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2034 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2035 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2036 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2037 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2038 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2039 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2040 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2041 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2042 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2043 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2044 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2045 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2046 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2047 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2048 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2049 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2050 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 2051 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3069 start_va = 0x1ec0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ec0000" filename = "" Region: id = 3070 start_va = 0x1fc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 3269 start_va = 0x1c0000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3270 start_va = 0x1c0000 end_va = 0x1dbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3271 start_va = 0x1e0000 end_va = 0x1e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3272 start_va = 0x1c0000 end_va = 0x1c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Thread: id = 1 os_tid = 0x1320 [0126.123] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.123] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0126.123] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.124] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0126.124] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0126.125] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.125] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0126.126] GetProcessHeap () returned 0x5a0000 [0126.126] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.126] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0126.126] GetLastError () returned 0x7e [0126.126] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0126.126] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0126.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c8) returned 0x5b0330 [0126.127] SetLastError (dwErrCode=0x7e) [0126.127] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1200) returned 0x5b76d0 [0126.129] GetStartupInfoW (in: lpStartupInfo=0x14fe10 | out: lpStartupInfo=0x14fe10*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0126.129] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0126.129] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0126.129] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.129] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions" [0126.129] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions" [0126.130] GetACP () returned 0x4e4 [0126.130] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x228) returned 0x5ab480 [0126.130] IsValidCodePage (CodePage=0x4e4) returned 1 [0126.130] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14fdd0 | out: lpCPInfo=0x14fdd0) returned 1 [0126.130] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f670 | out: lpCPInfo=0x14f670) returned 1 [0126.130] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f690, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0126.130] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f690, cbMultiByte=256, lpWideCharStr=0x14f3c0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0126.130] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpCharType=0x14f990 | out: lpCharType=0x14f990) returned 1 [0126.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f690, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0126.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f690, cbMultiByte=256, lpWideCharStr=0x14f360, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0126.131] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.131] GetProcAddress (hModule=0x7ff901280000, lpProcName="LCMapStringEx") returned 0x7ff901295350 [0126.131] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0126.131] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f150, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0126.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f790, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", lpUsedDefaultChar=0x0) returned 256 [0126.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f690, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0126.131] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f690, cbMultiByte=256, lpWideCharStr=0x14f360, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0126.131] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0126.131] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14f150, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0126.131] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14f890, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0126.131] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x100) returned 0x5b5600 [0126.131] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x7ff75cee2300, nSize=0x104 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jhafdvir.exe")) returned 0x2a [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xea) returned 0x5a6db0 [0126.132] RtlInitializeSListHead (in: ListHead=0x7ff75cee2160 | out: ListHead=0x7ff75cee2160) [0126.132] GetLastError () returned 0x0 [0126.132] SetLastError (dwErrCode=0x0) [0126.132] GetEnvironmentStringsW () returned 0x5b88e0* [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0xa3e) returned 0x5b9330 [0126.132] FreeEnvironmentStringsW (penv=0x5b88e0) returned 1 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x5ae5e0 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5b4440 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x5c) returned 0x5abee0 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x62) returned 0x5a72d0 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x78) returned 0x5a6f00 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x62) returned 0x5a6ad0 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x28) returned 0x5b0290 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b4710 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1a) returned 0x5b0020 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3a) returned 0x5b4ee0 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x62) returned 0x5a7190 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5a6f80 [0126.132] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5a6b40 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1c) returned 0x5b01a0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x144) returned 0x5adb60 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x7c) returned 0x5ac0c0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3a) returned 0x5b4760 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x90) returned 0x5ac150 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5afff0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x30) returned 0x5a7340 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x36) returned 0x5abf50 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b4da0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x52) returned 0x5ad9a0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b5020 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd6) returned 0x5ad020 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5ac1f0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5b01d0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c) returned 0x5a7200 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x54) returned 0x5ad940 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x52) returned 0x5ada00 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5b0230 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x42) returned 0x5b43f0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2c) returned 0x5ad100 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x44) returned 0x5b4df0 [0126.133] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5afea0 [0126.134] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b9330 | out: hHeap=0x5a0000) returned 1 [0126.134] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1000) returned 0x5b88e0 [0126.134] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff75cec2580) returned 0x0 [0126.134] GetStartupInfoW (in: lpStartupInfo=0x14fea0 | out: lpStartupInfo=0x14fea0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0126.134] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions" [0126.134] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions", pNumArgs=0x14fe70 | out: pNumArgs=0x14fe70) returned 0x5ade30*="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe" [0126.135] LoadLibraryW (lpLibFileName="C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll") returned 0x7ff8f7df0000 [0126.173] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x7ff901c50000 [0126.173] GetProcAddress (hModule=0x7ff901c50000, lpProcName="Process32FirstW") returned 0x7ff901c76a40 [0126.173] GetProcAddress (hModule=0x7ff901c50000, lpProcName="CloseHandle") returned 0x7ff901c7d650 [0126.173] GetProcAddress (hModule=0x7ff901c50000, lpProcName="Process32NextW") returned 0x7ff901c71040 [0126.173] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GlobalMemoryStatusEx") returned 0x7ff901c77680 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="CreateProcessW") returned 0x7ff901c73b00 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="CreateToolhelp32Snapshot") returned 0x7ff901c7e800 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="OpenProcess") returned 0x7ff901c6eb80 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="CreateFileW") returned 0x7ff901c7d8b0 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="TerminateProcess") returned 0x7ff901c78cf0 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetSystemInfo") returned 0x7ff901c76720 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="DeviceIoControl") returned 0x7ff901c6b2d0 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="RtlCaptureContext") returned 0x7ff901c7d410 [0126.174] GetProcAddress (hModule=0x7ff901c50000, lpProcName="RtlLookupFunctionEntry") returned 0x7ff901c76e60 [0126.175] GetProcAddress (hModule=0x7ff901c50000, lpProcName="RtlVirtualUnwind") returned 0x7ff901c7a410 [0126.175] GetProcAddress (hModule=0x7ff901c50000, lpProcName="UnhandledExceptionFilter") returned 0x7ff901c96a20 [0126.175] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetUnhandledExceptionFilter") returned 0x7ff901c76ea0 [0126.175] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetCurrentProcess") returned 0x7ff901c6b7c0 [0126.175] GetProcAddress (hModule=0x7ff901c50000, lpProcName="IsProcessorFeaturePresent") returned 0x7ff901c73d30 [0126.175] GetProcAddress (hModule=0x7ff901c50000, lpProcName="QueryPerformanceCounter") returned 0x7ff901c6b720 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetCurrentProcessId") returned 0x7ff901c6b4a0 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetCurrentThreadId") returned 0x7ff901c6b460 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetSystemTimeAsFileTime") returned 0x7ff901c6df70 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="InitializeSListHead") returned 0x7ff9041921c0 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="IsDebuggerPresent") returned 0x7ff901c77460 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetStartupInfoW") returned 0x7ff901c74c00 [0126.176] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetModuleHandleW") returned 0x7ff901c73d40 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="RtlUnwindEx") returned 0x7ff901c76ba0 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="InterlockedFlushSList") returned 0x7ff904192970 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetLastError") returned 0x7ff901c6b710 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetLastError") returned 0x7ff901c6b730 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="EnterCriticalSection") returned 0x7ff90414e600 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="LeaveCriticalSection") returned 0x7ff90414eb00 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="DeleteCriticalSection") returned 0x7ff9041799d0 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x7ff901c7d750 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="TlsAlloc") returned 0x7ff901c73ad0 [0126.177] GetProcAddress (hModule=0x7ff901c50000, lpProcName="TlsGetValue") returned 0x7ff901c6b450 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="TlsSetValue") returned 0x7ff901c6b7d0 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="TlsFree") returned 0x7ff901c73e40 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="FreeLibrary") returned 0x7ff901c74810 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetProcAddress") returned 0x7ff901c70b80 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="LoadLibraryExW") returned 0x7ff901c70dd0 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="RaiseException") returned 0x7ff901c74d70 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="ExitProcess") returned 0x7ff901c74d80 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetModuleHandleExW") returned 0x7ff901c76b90 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetModuleFileNameW") returned 0x7ff901c74840 [0126.178] GetProcAddress (hModule=0x7ff901c50000, lpProcName="HeapFree") returned 0x7ff901c6b480 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="WriteFile") returned 0x7ff901c7dcc0 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetConsoleOutputCP") returned 0x7ff901c7dfb0 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetConsoleMode") returned 0x7ff901c7dfa0 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetFileSizeEx") returned 0x7ff901c7daa0 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetFilePointerEx") returned 0x7ff901c7dc70 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="HeapAlloc") returned 0x7ff9041452d0 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="FindClose") returned 0x7ff901c7d900 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="FindFirstFileExW") returned 0x7ff901c7d960 [0126.179] GetProcAddress (hModule=0x7ff901c50000, lpProcName="FindNextFileW") returned 0x7ff901c7d9c0 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="IsValidCodePage") returned 0x7ff901c731d0 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetACP") returned 0x7ff901c6d720 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetOEMCP") returned 0x7ff901c7c840 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetCPInfo") returned 0x7ff901c731e0 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetCommandLineA") returned 0x7ff901c76d00 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetCommandLineW") returned 0x7ff901c76a00 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="MultiByteToWideChar") returned 0x7ff901c6d500 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="WideCharToMultiByte") returned 0x7ff901c6b490 [0126.180] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetEnvironmentStringsW") returned 0x7ff901c76790 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="FreeEnvironmentStringsW") returned 0x7ff901c767a0 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="LCMapStringW") returned 0x7ff901c6dd00 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetProcessHeap") returned 0x7ff901c6d4f0 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetStdHandle") returned 0x7ff901c73e80 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetFileType") returned 0x7ff901c7dac0 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetStdHandle") returned 0x7ff901c77190 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="FlushFileBuffers") returned 0x7ff901c7d9d0 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="ReadFile") returned 0x7ff901c7dbd0 [0126.181] GetProcAddress (hModule=0x7ff901c50000, lpProcName="ReadConsoleW") returned 0x7ff901c7e010 [0126.182] GetProcAddress (hModule=0x7ff901c50000, lpProcName="GetStringTypeW") returned 0x7ff901c74bf0 [0126.182] GetProcAddress (hModule=0x7ff901c50000, lpProcName="HeapSize") returned 0x7ff90413b780 [0126.182] GetProcAddress (hModule=0x7ff901c50000, lpProcName="HeapReAlloc") returned 0x7ff9041439f0 [0126.182] GetProcAddress (hModule=0x7ff901c50000, lpProcName="WriteConsoleW") returned 0x7ff901c7e050 [0126.182] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetEndOfFile") returned 0x7ff901c7dc20 [0126.182] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7ff901ba0000 [0126.182] GetProcAddress (hModule=0x7ff901ba0000, lpProcName="OpenSCManagerA") returned 0x7ff901bb83a0 [0126.182] GetProcAddress (hModule=0x7ff901ba0000, lpProcName="ChangeServiceConfigA") returned 0x7ff901bd2550 [0126.182] GetProcAddress (hModule=0x7ff901ba0000, lpProcName="StartServiceA") returned 0x7ff901bd3330 [0126.183] GetProcAddress (hModule=0x7ff901ba0000, lpProcName="OpenServiceA") returned 0x7ff901bd30b0 [0126.183] GetProcAddress (hModule=0x7ff901ba0000, lpProcName="CloseServiceHandle") returned 0x7ff901bb7e20 [0126.183] VirtualProtect (in: lpAddress=0x7ff8f7df0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x14f860 | out: lpflOldProtect=0x14f860*=0x2) returned 1 [0126.203] VirtualProtect (in: lpAddress=0x7ff8f7df0000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x14f860 | out: lpflOldProtect=0x14f860*=0x4) returned 1 [0126.205] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14f868 | out: lpSystemTimeAsFileTime=0x14f868*(dwLowDateTime=0x764d6522, dwHighDateTime=0x1d947a8)) [0126.205] GetCurrentThreadId () returned 0x1320 [0126.205] GetCurrentProcessId () returned 0x131c [0126.205] QueryPerformanceCounter (in: lpPerformanceCount=0x14f870 | out: lpPerformanceCount=0x14f870*=1157522587582) returned 1 [0126.209] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.209] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0126.209] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.210] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0126.210] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0126.211] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.212] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0126.212] GetProcessHeap () returned 0x5a0000 [0126.212] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.212] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0126.212] GetLastError () returned 0x0 [0126.212] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0126.212] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0126.213] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c8) returned 0x5b9dd0 [0126.232] SetLastError (dwErrCode=0x0) [0126.232] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1200) returned 0x5ba1a0 [0126.250] GetStartupInfoW (in: lpStartupInfo=0x14f6f0 | out: lpStartupInfo=0x14f6f0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0126.250] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0126.250] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0126.250] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.250] GetCommandLineA () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions" [0126.250] GetCommandLineW () returned="\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe\" /dll=\"C:\\Users\\RDHJ0C~1\\Desktop\\bucbja.dll\" /fn_id=versions" [0126.251] GetACP () returned 0x4e4 [0126.251] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x228) returned 0x5ac780 [0126.251] IsValidCodePage (CodePage=0x4e4) returned 1 [0126.251] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f6b0 | out: lpCPInfo=0x14f6b0) returned 1 [0126.251] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14ef50 | out: lpCPInfo=0x14ef50) returned 1 [0126.251] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14ef70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0126.251] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14ef70, cbMultiByte=256, lpWideCharStr=0x14eca0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x02") returned 256 [0126.251] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x02", cchSrc=256, lpCharType=0x14f270 | out: lpCharType=0x14f270) returned 1 [0126.252] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14ef70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0126.252] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14ef70, cbMultiByte=256, lpWideCharStr=0x14ec40, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0126.252] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0126.252] GetProcAddress (hModule=0x7ff901280000, lpProcName="LCMapStringEx") returned 0x7ff901295350 [0126.252] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0126.252] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14ea30, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0126.252] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0x14f070, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x08", lpUsedDefaultChar=0x0) returned 256 [0126.252] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14ef70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0126.252] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14ef70, cbMultiByte=256, lpWideCharStr=0x14ec40, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0126.252] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0126.252] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x14ea30, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0126.253] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0x14f170, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0126.253] RtlInitializeSListHead (in: ListHead=0x7ff8f7e33660 | out: ListHead=0x7ff8f7e33660) [0126.253] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1000) returned 0x5bb3b0 [0126.253] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14f540, nSize=0x105 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jhafdvir.exe")) returned 0x2a [0126.253] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x7ff901c50000 [0126.253] GetProcAddress (hModule=0x7ff901c50000, lpProcName="AreFileApisANSI") returned 0x7ff901c74820 [0126.253] AreFileApisANSI () returned 1 [0126.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0126.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe", cchWideChar=-1, lpMultiByteStr=0x7ff8f7e33860, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JHaFdvIr.exe", lpUsedDefaultChar=0x0) returned 43 [0126.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x85) returned 0x5ad140 [0126.254] GetEnvironmentStringsW () returned 0x5bc3c0* [0126.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1311, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1311 [0126.254] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x51f) returned 0x5bce10 [0126.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1311, lpMultiByteStr=0x5bce10, cbMultiByte=1311, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1311 [0126.266] FreeEnvironmentStringsW (penv=0x5bc3c0) returned 1 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x118) returned 0x5ae700 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1f) returned 0x5b02f0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2e) returned 0x5adf30 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5bc950 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c) returned 0x5b43a0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5bc550 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x14) returned 0x5b2490 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x24) returned 0x5afbd0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xd) returned 0x5b2390 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d) returned 0x5afcc0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x31) returned 0x5bc650 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x15) returned 0x5b2530 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5b2210 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xe) returned 0x5b2510 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xa2) returned 0x5ac9b0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3e) returned 0x5b4490 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1d) returned 0x5afcf0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x48) returned 0x5b4990 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b2310 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x18) returned 0x5b2450 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1b) returned 0x5afd20 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5aff60 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5bcb50 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1e) returned 0x5ab930 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x6b) returned 0x5adf70 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x17) returned 0x5b2350 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0xf) returned 0x5b2550 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5b2230 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x2a) returned 0x5bca90 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x29) returned 0x5bc690 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b24f0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x21) returned 0x5bd870 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x16) returned 0x5b21f0 [0126.267] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x22) returned 0x5bd690 [0126.268] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x12) returned 0x5b2570 [0126.269] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5bce10 | out: hHeap=0x5a0000) returned 1 [0126.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x1000) returned 0x5bdb50 [0126.269] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x12) returned 0x5b2430 [0126.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="versions", cchWideChar=-1, lpMultiByteStr=0x5b2430, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="versions", lpUsedDefaultChar=0x0) returned 9 [0126.270] GetLastError () returned 0x0 [0126.270] SetLastError (dwErrCode=0x0) [0126.270] GetProcAddress (hModule=0x7ff8f7df0000, lpProcName="versionsW") returned 0x0 [0126.270] GetLastError () returned 0x7f [0126.270] SetLastError (dwErrCode=0x7f) [0126.270] GetProcAddress (hModule=0x7ff8f7df0000, lpProcName="versionsA") returned 0x0 [0126.271] GetProcAddress (hModule=0x7ff8f7df0000, lpProcName="versions") returned 0x7ff8f7df1000 [0126.271] GetActiveWindow () returned 0x0 [0126.368] GetSystemInfo (in: lpSystemInfo=0x14fcf0 | out: lpSystemInfo=0x14fcf0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0126.368] GlobalMemoryStatusEx (in: lpBuffer=0x14fd20 | out: lpBuffer=0x14fd20) returned 1 [0126.369] CreateFileW (lpFileName="\\\\.\\PhysicalDrive0" (normalized: "\\device\\harddisk0\\dr0"), dwDesiredAccess=0x0, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0126.369] DeviceIoControl (in: hDevice=0x14c, dwIoControlCode=0x70000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x14fa18, nOutBufferSize=0x18, lpBytesReturned=0x14fc70, lpOverlapped=0x0 | out: lpOutBuffer=0x14fa18*, lpBytesReturned=0x14fc70*=0x18, lpOverlapped=0x0) returned 1 [0126.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x58) returned 0x5ad580 [0126.369] AreFileApisANSI () returned 1 [0126.369] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x9, lpMultiByteStr=0x7ff8f7e066e0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 28 [0126.369] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x38) returned 0x5bc410 [0126.369] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x9, lpMultiByteStr=0x7ff8f7e066e0, cbMultiByte=-1, lpWideCharStr=0x5bc410, cchWideChar=28 | out: lpWideCharStr="C:\\windows\\system32\\oci.dll") returned 28 [0126.370] CreateFileW (lpFileName="C:\\windows\\system32\\oci.dll" (normalized: "c:\\windows\\system32\\oci.dll"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x14f738, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0126.372] GetFileType (hFile=0x150) returned 0x1 [0126.373] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5bc410 | out: hHeap=0x5a0000) returned 1 [0126.374] WriteFile (in: hFile=0x150, lpBuffer=0x7ff8f7e09a40*, nNumberOfBytesToWrite=0x29000, lpNumberOfBytesWritten=0x14f7d4, lpOverlapped=0x0 | out: lpBuffer=0x7ff8f7e09a40*, lpNumberOfBytesWritten=0x14f7d4*=0x29000, lpOverlapped=0x0) returned 1 [0126.405] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x1000) returned 0x5beb60 [0126.405] WriteFile (in: hFile=0x150, lpBuffer=0x5beb60*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0x14f864, lpOverlapped=0x0 | out: lpBuffer=0x5beb60*, lpNumberOfBytesWritten=0x14f864*=0x6a0, lpOverlapped=0x0) returned 1 [0126.406] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5beb60 | out: hHeap=0x5a0000) returned 1 [0126.406] CloseHandle (hObject=0x150) returned 1 [0126.414] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x5bd6f0 [0126.424] OpenServiceA (hSCManager=0x5bd6f0, lpServiceName="msdtc", dwDesiredAccess=0x12) returned 0x5bd4e0 [0126.426] ChangeServiceConfigA (in: hService=0x5bd4e0, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName="LocalSystem", lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0126.446] StartServiceA (hService=0x5bd4e0, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 1 [0129.030] CloseServiceHandle (hSCObject=0x5bd4e0) returned 1 [0129.045] CloseServiceHandle (hSCObject=0x5bd6f0) returned 1 [0129.046] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x184 [0129.061] Process32FirstW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.062] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x74, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0129.063] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0129.087] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.088] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0129.089] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1b0, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.089] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b0, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0129.090] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1b8, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0129.091] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1b8, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0129.092] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x274, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.092] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.093] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0129.094] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x358, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x43, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.095] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x378, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.096] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.097] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x39c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.098] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.099] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.100] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.101] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0129.102] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x570, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x358, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0129.103] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x634, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.104] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x654, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0129.105] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x778, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x750, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0129.106] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x358, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0129.107] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0129.108] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0129.109] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.109] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xa8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x358, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0129.110] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x718, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.111] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x748, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.112] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.113] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x82c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.113] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xab4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x82c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.114] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="seriestodaycan.exe")) returned 1 [0129.115] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="that.exe")) returned 1 [0129.116] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x5ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="because_similar_a.exe")) returned 1 [0129.116] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x594, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="board-large-these.exe")) returned 1 [0129.117] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer_continue.exe")) returned 1 [0129.118] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x260, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="painforeign.exe")) returned 1 [0129.118] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x938, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="may money structure.exe")) returned 1 [0129.119] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x8d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="market-source-spring.exe")) returned 1 [0129.120] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="boytv.exe")) returned 1 [0129.127] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="finish_blue.exe")) returned 1 [0129.150] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="want.exe")) returned 1 [0129.220] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x81c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="region_share_simply.exe")) returned 1 [0129.221] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="staff everyone toward.exe")) returned 1 [0129.222] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="professional_join.exe")) returned 1 [0129.223] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="hope_real.exe")) returned 1 [0129.224] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xc68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="historybudgetstop.exe")) returned 1 [0129.225] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xc70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="who-explain-position.exe")) returned 1 [0129.225] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xc78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="note-nearly.exe")) returned 1 [0129.226] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xc80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="official.exe")) returned 1 [0129.227] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xcf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0129.228] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xcf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0129.229] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0129.230] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0129.232] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0129.234] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xd24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0129.235] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0129.237] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0129.238] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0129.240] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0129.241] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe44, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0129.242] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0129.243] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0129.245] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0129.246] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe6c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0129.247] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0129.248] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0129.249] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0129.250] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0129.339] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0129.355] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xe9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0129.357] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xea4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0129.360] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xeac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0129.362] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0129.364] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0129.366] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0129.368] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0129.370] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0129.372] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0129.374] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0129.377] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0129.379] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xef8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0129.381] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xfc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0129.383] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xfc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0129.385] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xfd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0129.387] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xfe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0129.389] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xff0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0129.390] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xff8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0129.585] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0129.586] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0129.588] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0129.589] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x30c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0129.590] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x41c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0129.591] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xcd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="reasondaughter.exe")) returned 1 [0129.592] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xcc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="across.exe")) returned 1 [0129.593] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="standardpublicwrong.exe")) returned 1 [0129.594] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xdb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="particularly-prove.exe")) returned 1 [0129.595] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0xb28, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x274, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.596] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x110c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x358, pcPriClassBase=6, dwFlags=0x0, szExeFile="msfeedssync.exe")) returned 1 [0129.597] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x12a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x38c, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0129.598] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x131c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x778, pcPriClassBase=8, dwFlags=0x0, szExeFile="JHaFdvIr.exe")) returned 1 [0129.599] Process32NextW (in: hSnapshot=0x184, lppe=0x14fa30 | out: lppe=0x14fa30*(dwSize=0x238, cntUsage=0x0, th32ProcessID=0x1328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="msdtc.exe")) returned 1 [0129.600] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x1328) returned 0x0 [0129.600] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="cmd.exe /c taskkill /f /im msdtc.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x10, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x14fc80*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14fa18 | out: lpCommandLine="cmd.exe /c taskkill /f /im msdtc.exe", lpProcessInformation=0x14fa18*(hProcess=0x18c, hThread=0x188, dwProcessId=0x1348, dwThreadId=0x134c)) returned 1 [0129.624] CloseHandle (hObject=0x188) returned 1 [0129.624] CloseHandle (hObject=0x18c) returned 1 [0129.624] CloseHandle (hObject=0x184) returned 1 [0129.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5bdb50 | out: hHeap=0x5a0000) returned 1 [0129.625] HeapFree (in: hHeap=0x5a0000, dwFlags=0x0, lpMem=0x5b2430 | out: hHeap=0x5a0000) returned 1 [0129.625] GetCurrentProcessId () returned 0x131c [0129.625] GetCurrentThreadId () returned 0x1320 [0129.625] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x184 [0129.634] Thread32First (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.634] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.635] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.636] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.637] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.637] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.638] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.639] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.640] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.640] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.641] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.642] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.643] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.644] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.645] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.645] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.646] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.647] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.647] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.648] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.649] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.650] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.694] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.695] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.696] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.697] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.697] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.698] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.699] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.699] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.700] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.701] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.702] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.703] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.703] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.705] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.706] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.707] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.707] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.708] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.709] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.710] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.710] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.711] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.712] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.712] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.713] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.714] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.715] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.715] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.716] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.717] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.718] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.718] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.719] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.720] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.721] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.721] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.722] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.723] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.724] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.724] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.725] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.726] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.726] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.727] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.728] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.782] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.783] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.783] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.784] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.784] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.785] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.786] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.786] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.787] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.788] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.788] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.789] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.790] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.790] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.791] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.792] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.793] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.793] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.794] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.795] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.795] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.796] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.797] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.797] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.799] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.799] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.800] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.801] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.802] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.802] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.803] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.804] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.804] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.805] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.806] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.807] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.807] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.808] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.809] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.810] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.810] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.811] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.812] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.812] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.814] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.859] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.859] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.860] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.861] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.862] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.863] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.863] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.864] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.865] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.866] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.866] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.867] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.868] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.869] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.869] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.870] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.871] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.871] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.872] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.873] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.874] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.874] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.875] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.876] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.877] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.878] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.878] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.880] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.881] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.882] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.882] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.883] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.883] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.884] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.885] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.885] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.886] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.887] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.887] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.888] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.889] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.889] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.890] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.890] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.891] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.918] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.919] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.920] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.920] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.921] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.922] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.923] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.924] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.925] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.925] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.926] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.927] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.927] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.928] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.929] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.929] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.930] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.930] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.931] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.932] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.932] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.933] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.933] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.934] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.935] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.935] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.936] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.937] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.937] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.938] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.939] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.940] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.941] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.942] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.942] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.943] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.944] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.945] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.945] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.946] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.947] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.948] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.949] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.949] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.950] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.951] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.952] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.952] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.953] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0129.954] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.104] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.104] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.105] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.106] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.107] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.108] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.109] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.109] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.111] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.111] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.112] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.113] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.114] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.114] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.115] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.116] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.117] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.118] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.118] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.119] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.120] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.121] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.121] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.122] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.123] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.124] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.125] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.126] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.127] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.127] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.128] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.129] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.130] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.130] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.131] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.132] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.133] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.134] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.135] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.135] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.136] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.137] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0130.138] Thread32Next (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0131.787] CloseHandle (hObject=0x184) returned 1 [0131.788] OpenThread (dwDesiredAccess=0x100000, bInheritHandle=0, dwThreadId=0x1324) returned 0x184 [0131.788] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0xffffffff) returned 0x0 [0183.870] CloseHandle (hObject=0x184) returned 1 [0183.870] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x184 [0183.886] Thread32First (hSnapshot=0x184, lpte=0x14fe78) returned 1 [0184.303] CloseHandle (hObject=0x184) returned 1 [0184.303] OpenThread (dwDesiredAccess=0x100000, bInheritHandle=0, dwThreadId=0xaf8) returned 0x184 [0184.303] WaitForSingleObject (hHandle=0x184, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x1324 Thread: id = 441 os_tid = 0xaf8 [0159.051] GetLastError () returned 0x57 [0159.054] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0159.056] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x5bd220 [0159.056] SetLastError (dwErrCode=0x57) [0159.057] GetLastError () returned 0x57 [0159.058] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c8) returned 0x5bdf70 [0159.059] SetLastError (dwErrCode=0x57) Thread: id = 442 os_tid = 0xdd0 [0159.063] GetLastError () returned 0x57 [0159.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x80) returned 0x5acd10 [0159.063] SetLastError (dwErrCode=0x57) [0159.063] GetLastError () returned 0x57 [0159.063] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x8, Size=0x3c8) returned 0x5bfb70 [0159.063] SetLastError (dwErrCode=0x57) Process: id = "2" image_name = "System" filename = "" page_root = "0x1aa000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "1" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 1558 start_va = 0x776e0000 end_va = 0x7785afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1559 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1560 start_va = 0x2cb00000000 end_va = 0x2cb0002ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00000000" filename = "" Region: id = 1561 start_va = 0x2cb00030000 end_va = 0x2cb0005ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00030000" filename = "" Region: id = 1562 start_va = 0x2cb00060000 end_va = 0x2cb0007ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00060000" filename = "" Region: id = 1563 start_va = 0x2cb00080000 end_va = 0x2cb0009ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00080000" filename = "" Region: id = 1564 start_va = 0x2cb000a0000 end_va = 0x2cb000cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb000a0000" filename = "" Region: id = 1565 start_va = 0x2cb000d0000 end_va = 0x2cb000fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb000d0000" filename = "" Region: id = 1566 start_va = 0x2cb00100000 end_va = 0x2cb0012ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00100000" filename = "" Region: id = 1567 start_va = 0x2cb00130000 end_va = 0x2cb0015ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00130000" filename = "" Region: id = 1568 start_va = 0x2cb00160000 end_va = 0x2cb00160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00160000" filename = "" Region: id = 1569 start_va = 0x2cb00170000 end_va = 0x2cb00170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00170000" filename = "" Region: id = 1570 start_va = 0x2cb00180000 end_va = 0x2cb00180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000002cb00180000" filename = "" Region: id = 1571 start_va = 0x2cb00190000 end_va = 0x2cb001affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00190000" filename = "" Region: id = 1572 start_va = 0x2cb001b0000 end_va = 0x2cb001cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb001b0000" filename = "" Region: id = 1573 start_va = 0x2cb001d0000 end_va = 0x2cb001effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb001d0000" filename = "" Region: id = 1574 start_va = 0x2cb001f0000 end_va = 0x2cb0020ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb001f0000" filename = "" Region: id = 1575 start_va = 0x2cb00210000 end_va = 0x2cb0022ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00210000" filename = "" Region: id = 1576 start_va = 0x2cb00230000 end_va = 0x2cb0024ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00230000" filename = "" Region: id = 1577 start_va = 0x2cb00250000 end_va = 0x2cb0026ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00250000" filename = "" Region: id = 1578 start_va = 0x2cb00270000 end_va = 0x2cb0028ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00270000" filename = "" Region: id = 1579 start_va = 0x2cb00290000 end_va = 0x2cb002affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00290000" filename = "" Region: id = 1580 start_va = 0x2cb002b0000 end_va = 0x2cb002cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb002b0000" filename = "" Region: id = 1581 start_va = 0x2cb002d0000 end_va = 0x2cb002effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb002d0000" filename = "" Region: id = 1582 start_va = 0x2cb002f0000 end_va = 0x2cb0030ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb002f0000" filename = "" Region: id = 1583 start_va = 0x2cb00310000 end_va = 0x2cb0032ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00310000" filename = "" Region: id = 1584 start_va = 0x2cb00330000 end_va = 0x2cb0034ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00330000" filename = "" Region: id = 1585 start_va = 0x2cb00350000 end_va = 0x2cb0036ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00350000" filename = "" Region: id = 1586 start_va = 0x2cb00370000 end_va = 0x2cb0038ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00370000" filename = "" Region: id = 1587 start_va = 0x2cb00390000 end_va = 0x2cb003affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00390000" filename = "" Region: id = 1588 start_va = 0x2cb003b0000 end_va = 0x2cb003cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb003b0000" filename = "" Region: id = 1589 start_va = 0x2cb003d0000 end_va = 0x2cb003effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb003d0000" filename = "" Region: id = 1590 start_va = 0x2cb003f0000 end_va = 0x2cb0040ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb003f0000" filename = "" Region: id = 1591 start_va = 0x2cb00410000 end_va = 0x2cb0042ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00410000" filename = "" Region: id = 1592 start_va = 0x2cb00430000 end_va = 0x2cb0044ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00430000" filename = "" Region: id = 1593 start_va = 0x2cb00450000 end_va = 0x2cb0046ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00450000" filename = "" Region: id = 1594 start_va = 0x2cb00470000 end_va = 0x2cb0048ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00470000" filename = "" Region: id = 1595 start_va = 0x2cb00490000 end_va = 0x2cb004affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00490000" filename = "" Region: id = 1596 start_va = 0x2cb004b0000 end_va = 0x2cb004cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb004b0000" filename = "" Region: id = 1597 start_va = 0x2cb004d0000 end_va = 0x2cb004effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb004d0000" filename = "" Region: id = 1598 start_va = 0x2cb004f0000 end_va = 0x2cb0050ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb004f0000" filename = "" Region: id = 1599 start_va = 0x2cb00510000 end_va = 0x2cb0052ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00510000" filename = "" Region: id = 1600 start_va = 0x2cb00530000 end_va = 0x2cb0054ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00530000" filename = "" Region: id = 1601 start_va = 0x2cb00550000 end_va = 0x2cb0056ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00550000" filename = "" Region: id = 1602 start_va = 0x2cb00570000 end_va = 0x2cb0058ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00570000" filename = "" Region: id = 1603 start_va = 0x2cb00590000 end_va = 0x2cb005affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00590000" filename = "" Region: id = 1604 start_va = 0x2cb005b0000 end_va = 0x2cb005cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb005b0000" filename = "" Region: id = 1605 start_va = 0x2cb005d0000 end_va = 0x2cb005effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb005d0000" filename = "" Region: id = 1606 start_va = 0x2cb005f0000 end_va = 0x2cb0060ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb005f0000" filename = "" Region: id = 1607 start_va = 0x2cb00610000 end_va = 0x2cb0062ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00610000" filename = "" Region: id = 1608 start_va = 0x2cb00630000 end_va = 0x2cb0064ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00630000" filename = "" Region: id = 1609 start_va = 0x2cb00650000 end_va = 0x2cb0066ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00650000" filename = "" Region: id = 1610 start_va = 0x2cb00670000 end_va = 0x2cb0068ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00670000" filename = "" Region: id = 1611 start_va = 0x2cb00690000 end_va = 0x2cb006affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00690000" filename = "" Region: id = 1612 start_va = 0x2cb006b0000 end_va = 0x2cb006cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb006b0000" filename = "" Region: id = 1613 start_va = 0x2cb006d0000 end_va = 0x2cb006effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb006d0000" filename = "" Region: id = 1614 start_va = 0x2cb006f0000 end_va = 0x2cb0070ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb006f0000" filename = "" Region: id = 1615 start_va = 0x2cb00710000 end_va = 0x2cb0072ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00710000" filename = "" Region: id = 1616 start_va = 0x2cb00730000 end_va = 0x2cb0074ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00730000" filename = "" Region: id = 1617 start_va = 0x2cb00750000 end_va = 0x2cb0076ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00750000" filename = "" Region: id = 1618 start_va = 0x2cb00770000 end_va = 0x2cb0078ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00770000" filename = "" Region: id = 1619 start_va = 0x2cb00790000 end_va = 0x2cb007affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00790000" filename = "" Region: id = 1620 start_va = 0x2cb007b0000 end_va = 0x2cb007cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb007b0000" filename = "" Region: id = 1621 start_va = 0x2cb007d0000 end_va = 0x2cb007effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb007d0000" filename = "" Region: id = 1622 start_va = 0x2cb007f0000 end_va = 0x2cb0080ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb007f0000" filename = "" Region: id = 1623 start_va = 0x2cb00810000 end_va = 0x2cb0082ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00810000" filename = "" Region: id = 1624 start_va = 0x2cb00830000 end_va = 0x2cb0084ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00830000" filename = "" Region: id = 1625 start_va = 0x2cb00850000 end_va = 0x2cb0086ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00850000" filename = "" Region: id = 1626 start_va = 0x2cb00870000 end_va = 0x2cb0088ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00870000" filename = "" Region: id = 1627 start_va = 0x2cb00890000 end_va = 0x2cb008affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00890000" filename = "" Region: id = 1628 start_va = 0x2cb008b0000 end_va = 0x2cb008cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb008b0000" filename = "" Region: id = 1629 start_va = 0x2cb008d0000 end_va = 0x2cb008effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb008d0000" filename = "" Region: id = 1630 start_va = 0x2cb008f0000 end_va = 0x2cb0090ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb008f0000" filename = "" Region: id = 1631 start_va = 0x2cb00910000 end_va = 0x2cb0092ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00910000" filename = "" Region: id = 1632 start_va = 0x2cb00930000 end_va = 0x2cb0094ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00930000" filename = "" Region: id = 1633 start_va = 0x2cb00950000 end_va = 0x2cb0096ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00950000" filename = "" Region: id = 1634 start_va = 0x2cb00970000 end_va = 0x2cb0098ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00970000" filename = "" Region: id = 1635 start_va = 0x2cb00990000 end_va = 0x2cb009affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00990000" filename = "" Region: id = 1636 start_va = 0x2cb009b0000 end_va = 0x2cb009cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb009b0000" filename = "" Region: id = 1637 start_va = 0x2cb009d0000 end_va = 0x2cb009effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb009d0000" filename = "" Region: id = 1638 start_va = 0x2cb009f0000 end_va = 0x2cb00a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb009f0000" filename = "" Region: id = 1639 start_va = 0x2cb00a10000 end_va = 0x2cb00a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00a10000" filename = "" Region: id = 1640 start_va = 0x2cb00a30000 end_va = 0x2cb00a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00a30000" filename = "" Region: id = 1641 start_va = 0x2cb00a50000 end_va = 0x2cb00a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00a50000" filename = "" Region: id = 1642 start_va = 0x2cb00a70000 end_va = 0x2cb00a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00a70000" filename = "" Region: id = 1643 start_va = 0x2cb00a90000 end_va = 0x2cb00aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00a90000" filename = "" Region: id = 1644 start_va = 0x2cb00ab0000 end_va = 0x2cb00acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00ab0000" filename = "" Region: id = 1645 start_va = 0x2cb00ad0000 end_va = 0x2cb00aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00ad0000" filename = "" Region: id = 1646 start_va = 0x2cb00af0000 end_va = 0x2cb00b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00af0000" filename = "" Region: id = 1647 start_va = 0x2cb00b10000 end_va = 0x2cb00b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00b10000" filename = "" Region: id = 1648 start_va = 0x2cb00b30000 end_va = 0x2cb00b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00b30000" filename = "" Region: id = 1649 start_va = 0x2cb00b50000 end_va = 0x2cb00b6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00b50000" filename = "" Region: id = 1650 start_va = 0x2cb00b70000 end_va = 0x2cb00b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00b70000" filename = "" Region: id = 1651 start_va = 0x2cb00b90000 end_va = 0x2cb00baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00b90000" filename = "" Region: id = 1652 start_va = 0x2cb00bb0000 end_va = 0x2cb00bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00bb0000" filename = "" Region: id = 1653 start_va = 0x2cb00bd0000 end_va = 0x2cb00beffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00bd0000" filename = "" Region: id = 1654 start_va = 0x2cb00bf0000 end_va = 0x2cb00c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00bf0000" filename = "" Region: id = 1655 start_va = 0x2cb00c10000 end_va = 0x2cb00c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00c10000" filename = "" Region: id = 1656 start_va = 0x2cb00c30000 end_va = 0x2cb00c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00c30000" filename = "" Region: id = 1657 start_va = 0x2cb00c50000 end_va = 0x2cb00c6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00c50000" filename = "" Region: id = 1658 start_va = 0x2cb00c70000 end_va = 0x2cb00c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00c70000" filename = "" Region: id = 1659 start_va = 0x2cb00c90000 end_va = 0x2cb00caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00c90000" filename = "" Region: id = 1660 start_va = 0x2cb00cb0000 end_va = 0x2cb00ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00cb0000" filename = "" Region: id = 1661 start_va = 0x2cb00cd0000 end_va = 0x2cb00ceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00cd0000" filename = "" Region: id = 1662 start_va = 0x2cb00cf0000 end_va = 0x2cb00d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00cf0000" filename = "" Region: id = 1663 start_va = 0x2cb00d10000 end_va = 0x2cb00d2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00d10000" filename = "" Region: id = 1664 start_va = 0x2cb00d30000 end_va = 0x2cb00d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00d30000" filename = "" Region: id = 1665 start_va = 0x2cb00d50000 end_va = 0x2cb00d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00d50000" filename = "" Region: id = 1666 start_va = 0x2cb00d70000 end_va = 0x2cb00d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00d70000" filename = "" Region: id = 1667 start_va = 0x2cb00d90000 end_va = 0x2cb00daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00d90000" filename = "" Region: id = 1668 start_va = 0x2cb00db0000 end_va = 0x2cb00dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00db0000" filename = "" Region: id = 1669 start_va = 0x2cb00dd0000 end_va = 0x2cb00deffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00dd0000" filename = "" Region: id = 1670 start_va = 0x2cb00df0000 end_va = 0x2cb00e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00df0000" filename = "" Region: id = 1671 start_va = 0x2cb00e10000 end_va = 0x2cb00e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00e10000" filename = "" Region: id = 1672 start_va = 0x2cb00e30000 end_va = 0x2cb00e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00e30000" filename = "" Region: id = 1673 start_va = 0x2cb00e50000 end_va = 0x2cb00e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00e50000" filename = "" Region: id = 1674 start_va = 0x2cb00e70000 end_va = 0x2cb00e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00e70000" filename = "" Region: id = 1675 start_va = 0x2cb00e90000 end_va = 0x2cb00eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00e90000" filename = "" Region: id = 1676 start_va = 0x2cb00eb0000 end_va = 0x2cb00ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00eb0000" filename = "" Region: id = 1677 start_va = 0x2cb00ed0000 end_va = 0x2cb00eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00ed0000" filename = "" Region: id = 1678 start_va = 0x2cb00ef0000 end_va = 0x2cb00f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00ef0000" filename = "" Region: id = 1679 start_va = 0x2cb00f10000 end_va = 0x2cb00f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00f10000" filename = "" Region: id = 1680 start_va = 0x2cb00f30000 end_va = 0x2cb00f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00f30000" filename = "" Region: id = 1681 start_va = 0x2cb00f50000 end_va = 0x2cb00f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00f50000" filename = "" Region: id = 1682 start_va = 0x2cb00f70000 end_va = 0x2cb00f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00f70000" filename = "" Region: id = 1683 start_va = 0x2cb00f90000 end_va = 0x2cb00faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00f90000" filename = "" Region: id = 1684 start_va = 0x2cb00fb0000 end_va = 0x2cb00fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00fb0000" filename = "" Region: id = 1685 start_va = 0x2cb00fd0000 end_va = 0x2cb00feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00fd0000" filename = "" Region: id = 1686 start_va = 0x2cb00ff0000 end_va = 0x2cb0100ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb00ff0000" filename = "" Region: id = 1687 start_va = 0x2cb01010000 end_va = 0x2cb0102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01010000" filename = "" Region: id = 1688 start_va = 0x2cb01030000 end_va = 0x2cb0104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01030000" filename = "" Region: id = 1689 start_va = 0x2cb01050000 end_va = 0x2cb0106ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01050000" filename = "" Region: id = 1690 start_va = 0x2cb01070000 end_va = 0x2cb0108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01070000" filename = "" Region: id = 1691 start_va = 0x2cb01090000 end_va = 0x2cb010affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01090000" filename = "" Region: id = 1692 start_va = 0x2cb010b0000 end_va = 0x2cb010cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb010b0000" filename = "" Region: id = 1693 start_va = 0x2cb010d0000 end_va = 0x2cb010effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb010d0000" filename = "" Region: id = 1694 start_va = 0x2cb010f0000 end_va = 0x2cb0110ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb010f0000" filename = "" Region: id = 1695 start_va = 0x2cb01110000 end_va = 0x2cb0112ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01110000" filename = "" Region: id = 1696 start_va = 0x2cb01130000 end_va = 0x2cb0114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01130000" filename = "" Region: id = 1697 start_va = 0x2cb01150000 end_va = 0x2cb0116ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01150000" filename = "" Region: id = 1698 start_va = 0x2cb01170000 end_va = 0x2cb0118ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01170000" filename = "" Region: id = 1699 start_va = 0x2cb01190000 end_va = 0x2cb011affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01190000" filename = "" Region: id = 1700 start_va = 0x2cb011b0000 end_va = 0x2cb011cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb011b0000" filename = "" Region: id = 1701 start_va = 0x2cb011d0000 end_va = 0x2cb011effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb011d0000" filename = "" Region: id = 1702 start_va = 0x2cb011f0000 end_va = 0x2cb0120ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb011f0000" filename = "" Region: id = 1703 start_va = 0x2cb01210000 end_va = 0x2cb0122ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01210000" filename = "" Region: id = 1704 start_va = 0x2cb01230000 end_va = 0x2cb0124ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01230000" filename = "" Region: id = 1705 start_va = 0x2cb01250000 end_va = 0x2cb0126ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01250000" filename = "" Region: id = 1706 start_va = 0x2cb01270000 end_va = 0x2cb0128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01270000" filename = "" Region: id = 1707 start_va = 0x2cb01290000 end_va = 0x2cb012affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01290000" filename = "" Region: id = 1708 start_va = 0x2cb012b0000 end_va = 0x2cb012cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb012b0000" filename = "" Region: id = 1709 start_va = 0x2cb012d0000 end_va = 0x2cb012effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb012d0000" filename = "" Region: id = 1710 start_va = 0x2cb012f0000 end_va = 0x2cb0130ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb012f0000" filename = "" Region: id = 1711 start_va = 0x2cb01310000 end_va = 0x2cb0132ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01310000" filename = "" Region: id = 1712 start_va = 0x2cb01330000 end_va = 0x2cb0134ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01330000" filename = "" Region: id = 1713 start_va = 0x2cb01350000 end_va = 0x2cb0136ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01350000" filename = "" Region: id = 1714 start_va = 0x2cb01370000 end_va = 0x2cb0138ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01370000" filename = "" Region: id = 1715 start_va = 0x2cb01390000 end_va = 0x2cb013affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01390000" filename = "" Region: id = 1716 start_va = 0x2cb013b0000 end_va = 0x2cb013cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb013b0000" filename = "" Region: id = 1717 start_va = 0x2cb013d0000 end_va = 0x2cb013effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb013d0000" filename = "" Region: id = 1718 start_va = 0x2cb013f0000 end_va = 0x2cb0140ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb013f0000" filename = "" Region: id = 1719 start_va = 0x2cb01410000 end_va = 0x2cb0142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01410000" filename = "" Region: id = 1720 start_va = 0x2cb01430000 end_va = 0x2cb0144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01430000" filename = "" Region: id = 1721 start_va = 0x2cb01450000 end_va = 0x2cb0146ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01450000" filename = "" Region: id = 1722 start_va = 0x2cb01470000 end_va = 0x2cb0148ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01470000" filename = "" Region: id = 1723 start_va = 0x2cb01490000 end_va = 0x2cb014affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01490000" filename = "" Region: id = 1724 start_va = 0x2cb014b0000 end_va = 0x2cb014cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb014b0000" filename = "" Region: id = 1725 start_va = 0x2cb014d0000 end_va = 0x2cb014effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb014d0000" filename = "" Region: id = 1726 start_va = 0x2cb014f0000 end_va = 0x2cb0150ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb014f0000" filename = "" Region: id = 1727 start_va = 0x2cb01510000 end_va = 0x2cb0152ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01510000" filename = "" Region: id = 1728 start_va = 0x2cb01530000 end_va = 0x2cb0154ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01530000" filename = "" Region: id = 1729 start_va = 0x2cb01550000 end_va = 0x2cb0156ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01550000" filename = "" Region: id = 1730 start_va = 0x2cb01570000 end_va = 0x2cb0158ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01570000" filename = "" Region: id = 1731 start_va = 0x2cb01590000 end_va = 0x2cb015affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01590000" filename = "" Region: id = 1732 start_va = 0x2cb015b0000 end_va = 0x2cb015cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb015b0000" filename = "" Region: id = 1733 start_va = 0x2cb015d0000 end_va = 0x2cb015effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb015d0000" filename = "" Region: id = 1734 start_va = 0x2cb015f0000 end_va = 0x2cb0160ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb015f0000" filename = "" Region: id = 1735 start_va = 0x2cb01610000 end_va = 0x2cb0162ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01610000" filename = "" Region: id = 1736 start_va = 0x2cb01630000 end_va = 0x2cb0164ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01630000" filename = "" Region: id = 1737 start_va = 0x2cb01650000 end_va = 0x2cb0166ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01650000" filename = "" Region: id = 1738 start_va = 0x2cb01670000 end_va = 0x2cb0168ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01670000" filename = "" Region: id = 1739 start_va = 0x2cb01690000 end_va = 0x2cb016affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01690000" filename = "" Region: id = 1740 start_va = 0x2cb016b0000 end_va = 0x2cb016cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb016b0000" filename = "" Region: id = 1741 start_va = 0x2cb016d0000 end_va = 0x2cb016effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb016d0000" filename = "" Region: id = 1742 start_va = 0x2cb016f0000 end_va = 0x2cb0170ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb016f0000" filename = "" Region: id = 1743 start_va = 0x2cb01710000 end_va = 0x2cb0172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01710000" filename = "" Region: id = 1744 start_va = 0x2cb01730000 end_va = 0x2cb0174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01730000" filename = "" Region: id = 1745 start_va = 0x2cb01750000 end_va = 0x2cb0176ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01750000" filename = "" Region: id = 1746 start_va = 0x2cb01770000 end_va = 0x2cb0178ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01770000" filename = "" Region: id = 1747 start_va = 0x2cb01790000 end_va = 0x2cb017affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01790000" filename = "" Region: id = 1748 start_va = 0x2cb017b0000 end_va = 0x2cb017cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb017b0000" filename = "" Region: id = 1749 start_va = 0x2cb017d0000 end_va = 0x2cb017effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb017d0000" filename = "" Region: id = 1750 start_va = 0x2cb017f0000 end_va = 0x2cb0180ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb017f0000" filename = "" Region: id = 1751 start_va = 0x2cb01810000 end_va = 0x2cb0182ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01810000" filename = "" Region: id = 1752 start_va = 0x2cb01830000 end_va = 0x2cb0184ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01830000" filename = "" Region: id = 1753 start_va = 0x2cb01850000 end_va = 0x2cb0186ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01850000" filename = "" Region: id = 1754 start_va = 0x2cb01870000 end_va = 0x2cb0188ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01870000" filename = "" Region: id = 1755 start_va = 0x2cb01890000 end_va = 0x2cb018affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb01890000" filename = "" Region: id = 1756 start_va = 0x2cb018b0000 end_va = 0x2cb018cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb018b0000" filename = "" Region: id = 1757 start_va = 0x2cb018d0000 end_va = 0x2cb018effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb018d0000" filename = "" Region: id = 1758 start_va = 0x2cb018f0000 end_va = 0x2cb0190ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000002cb018f0000" filename = "" Region: id = 1759 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 3 os_tid = 0xec Thread: id = 4 os_tid = 0x3c0 Thread: id = 5 os_tid = 0x2c Thread: id = 6 os_tid = 0x27c Thread: id = 7 os_tid = 0x590 Thread: id = 8 os_tid = 0x668 Thread: id = 9 os_tid = 0x100 Thread: id = 10 os_tid = 0x5ac Thread: id = 11 os_tid = 0x104 Thread: id = 12 os_tid = 0xbf8 Thread: id = 13 os_tid = 0xd4 Thread: id = 14 os_tid = 0xd0 Thread: id = 15 os_tid = 0xb24 Thread: id = 16 os_tid = 0x168 Thread: id = 17 os_tid = 0xb54 Thread: id = 18 os_tid = 0x120 Thread: id = 19 os_tid = 0x54 Thread: id = 20 os_tid = 0x1c Thread: id = 21 os_tid = 0x808 Thread: id = 22 os_tid = 0x88 Thread: id = 23 os_tid = 0x164 Thread: id = 24 os_tid = 0x898 Thread: id = 25 os_tid = 0x894 Thread: id = 26 os_tid = 0x734 Thread: id = 27 os_tid = 0x2f4 Thread: id = 28 os_tid = 0x40c Thread: id = 29 os_tid = 0x0 Thread: id = 30 os_tid = 0x38 Thread: id = 31 os_tid = 0x3c Thread: id = 32 os_tid = 0xa38 Thread: id = 33 os_tid = 0xaa8 Thread: id = 34 os_tid = 0xa9c Thread: id = 35 os_tid = 0x928 Thread: id = 36 os_tid = 0x91c Thread: id = 37 os_tid = 0x8c4 Thread: id = 38 os_tid = 0x8b8 Thread: id = 39 os_tid = 0x8c Thread: id = 40 os_tid = 0x558 Thread: id = 41 os_tid = 0x474 Thread: id = 42 os_tid = 0x7bc Thread: id = 43 os_tid = 0x79c Thread: id = 44 os_tid = 0x770 Thread: id = 45 os_tid = 0x76c Thread: id = 46 os_tid = 0x758 Thread: id = 47 os_tid = 0x724 Thread: id = 48 os_tid = 0x6ec Thread: id = 49 os_tid = 0x6e8 Thread: id = 50 os_tid = 0x6d4 Thread: id = 51 os_tid = 0x6bc Thread: id = 52 os_tid = 0x678 Thread: id = 53 os_tid = 0x618 Thread: id = 54 os_tid = 0x10 Thread: id = 55 os_tid = 0x68 Thread: id = 56 os_tid = 0xc0 Thread: id = 57 os_tid = 0x40 Thread: id = 58 os_tid = 0x19c Thread: id = 59 os_tid = 0x3ec Thread: id = 60 os_tid = 0x3e8 Thread: id = 61 os_tid = 0x74 Thread: id = 62 os_tid = 0x34 Thread: id = 63 os_tid = 0xb8 Thread: id = 64 os_tid = 0x94 Thread: id = 65 os_tid = 0x30 Thread: id = 66 os_tid = 0x160 Thread: id = 67 os_tid = 0x198 Thread: id = 68 os_tid = 0x150 Thread: id = 69 os_tid = 0x170 Thread: id = 70 os_tid = 0x220 Thread: id = 71 os_tid = 0x1d8 Thread: id = 72 os_tid = 0x130 Thread: id = 73 os_tid = 0xc8 Thread: id = 74 os_tid = 0x14 Thread: id = 75 os_tid = 0x80 Thread: id = 76 os_tid = 0x84 Thread: id = 77 os_tid = 0x20 Thread: id = 78 os_tid = 0xcc Thread: id = 79 os_tid = 0x1a0 Thread: id = 80 os_tid = 0x194 Thread: id = 81 os_tid = 0x190 Thread: id = 82 os_tid = 0x18c Thread: id = 83 os_tid = 0xe8 Thread: id = 84 os_tid = 0x6c Thread: id = 85 os_tid = 0x16c Thread: id = 86 os_tid = 0x58 Thread: id = 87 os_tid = 0xb4 Thread: id = 88 os_tid = 0xac Thread: id = 89 os_tid = 0x154 Thread: id = 90 os_tid = 0x14c Thread: id = 91 os_tid = 0x90 Thread: id = 92 os_tid = 0xbc Thread: id = 93 os_tid = 0x5c Thread: id = 94 os_tid = 0x13c Thread: id = 95 os_tid = 0xc4 Thread: id = 96 os_tid = 0xb0 Thread: id = 97 os_tid = 0xf0 Thread: id = 98 os_tid = 0x8 Thread: id = 99 os_tid = 0xf4 Thread: id = 390 os_tid = 0x1344 Thread: id = 400 os_tid = 0x18 Thread: id = 405 os_tid = 0x1384 Thread: id = 407 os_tid = 0x1394 Thread: id = 409 os_tid = 0x72c Thread: id = 419 os_tid = 0x8c0 Thread: id = 420 os_tid = 0x920 Thread: id = 434 os_tid = 0x728 Thread: id = 436 os_tid = 0xd8 Thread: id = 439 os_tid = 0x380 Thread: id = 440 os_tid = 0xdd8 Thread: id = 444 os_tid = 0x1054 Thread: id = 445 os_tid = 0x1048 Thread: id = 460 os_tid = 0x28 Process: id = "3" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x76b4c000" os_pid = "0x210" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "1" os_parent_pid = "0x1b8" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Region: id = 310 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 311 start_va = 0x20000 end_va = 0x24fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "services.exe.mui" filename = "\\Windows\\System32\\en-US\\services.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\services.exe.mui") Region: id = 312 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 313 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 314 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 315 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 316 start_va = 0x110000 end_va = 0x116fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 317 start_va = 0x120000 end_va = 0x1ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 318 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 319 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 320 start_va = 0x5c0000 end_va = 0x5c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 321 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 322 start_va = 0x800000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 323 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 324 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 325 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 326 start_va = 0x1280000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 327 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 328 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 329 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 330 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 331 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 332 start_va = 0x7ff6530f0000 end_va = 0x7ff65315efff monitored = 0 entry_point = 0x7ff6531107c0 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 333 start_va = 0x7ff8f4840000 end_va = 0x7ff8f4865fff monitored = 0 entry_point = 0x7ff8f4841cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 334 start_va = 0x7ff8f6810000 end_va = 0x7ff8f682cfff monitored = 0 entry_point = 0x7ff8f681a9c0 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 335 start_va = 0x7ff8fca60000 end_va = 0x7ff8fca6ffff monitored = 0 entry_point = 0x7ff8fca62c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 336 start_va = 0x7ff8fe370000 end_va = 0x7ff8fe377fff monitored = 0 entry_point = 0x7ff8fe3713e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 337 start_va = 0x7ff8ffa30000 end_va = 0x7ff8ffa78fff monitored = 0 entry_point = 0x7ff8ffa3a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 338 start_va = 0x7ff8ffa80000 end_va = 0x7ff8ffafbfff monitored = 0 entry_point = 0x7ff8ffa82030 region_type = mapped_file name = "scesrv.dll" filename = "\\Windows\\System32\\scesrv.dll" (normalized: "c:\\windows\\system32\\scesrv.dll") Region: id = 339 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 340 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 341 start_va = 0x7ff9005b0000 end_va = 0x7ff9005c8fff monitored = 0 entry_point = 0x7ff9005b5e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 342 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 343 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 344 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 345 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 346 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 347 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 348 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 349 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 350 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 100 os_tid = 0xadc Thread: id = 101 os_tid = 0xa14 Thread: id = 102 os_tid = 0x600 Thread: id = 103 os_tid = 0x15c Thread: id = 104 os_tid = 0x28c Thread: id = 435 os_tid = 0xf18 Process: id = "4" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75ce7000" os_pid = "0x274" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BrokerInfrastructure" [0xa], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\DeviceInstall" [0xa], "NT SERVICE\\LSM" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT SERVICE\\SystemEventsBroker" [0xa], "NT AUTHORITY\\Logon Session 00000000:00005666" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 351 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 352 start_va = 0x20000 end_va = 0x24fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 353 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 354 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 355 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 356 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 357 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 358 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 359 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 360 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 361 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 362 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 363 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 364 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 365 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 366 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004a0000" filename = "" Region: id = 367 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 368 start_va = 0x4c0000 end_va = 0x4c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 369 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 370 start_va = 0x4e0000 end_va = 0x4e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 371 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 372 start_va = 0x500000 end_va = 0x506fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 373 start_va = 0x510000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 374 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 375 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 376 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 377 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 378 start_va = 0x5d0000 end_va = 0x5fdfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 379 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 380 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 381 start_va = 0x880000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 382 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 383 start_va = 0xa40000 end_va = 0xa46fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 384 start_va = 0xac0000 end_va = 0xac6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 385 start_va = 0xb00000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b00000" filename = "" Region: id = 386 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 387 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 388 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 389 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 390 start_va = 0xf80000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f80000" filename = "" Region: id = 391 start_va = 0x1080000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 392 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 393 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 394 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 395 start_va = 0x1400000 end_va = 0x1736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 396 start_va = 0x1740000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 397 start_va = 0x1940000 end_va = 0x1a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 398 start_va = 0x1a40000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001a40000" filename = "" Region: id = 399 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 400 start_va = 0x1c00000 end_va = 0x1d87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001c00000" filename = "" Region: id = 401 start_va = 0x1d90000 end_va = 0x1f10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d90000" filename = "" Region: id = 402 start_va = 0x1f20000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f20000" filename = "" Region: id = 403 start_va = 0x2120000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 404 start_va = 0x21a0000 end_va = 0x221ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 405 start_va = 0x2220000 end_va = 0x22fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 406 start_va = 0x2580000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002580000" filename = "" Region: id = 407 start_va = 0x2600000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 408 start_va = 0x2680000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 409 start_va = 0x2700000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 410 start_va = 0x2780000 end_va = 0x287ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 411 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 412 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 413 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 414 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 415 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 416 start_va = 0x7ff8f3900000 end_va = 0x7ff8f391afff monitored = 0 entry_point = 0x7ff8f390af40 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 417 start_va = 0x7ff8f3920000 end_va = 0x7ff8f3930fff monitored = 0 entry_point = 0x7ff8f3925e90 region_type = mapped_file name = "licensemanagerapi.dll" filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll") Region: id = 418 start_va = 0x7ff8f81d0000 end_va = 0x7ff8f81e4fff monitored = 0 entry_point = 0x7ff8f81d1ab0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 419 start_va = 0x7ff8f81f0000 end_va = 0x7ff8f81fdfff monitored = 0 entry_point = 0x7ff8f81f22f0 region_type = mapped_file name = "sebbackgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\SebBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\sebbackgroundmanagerpolicy.dll") Region: id = 420 start_va = 0x7ff8f8200000 end_va = 0x7ff8f8217fff monitored = 0 entry_point = 0x7ff8f8203f00 region_type = mapped_file name = "windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll") Region: id = 421 start_va = 0x7ff8f8220000 end_va = 0x7ff8f822bfff monitored = 0 entry_point = 0x7ff8f8224b50 region_type = mapped_file name = "cbtbackgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\CbtBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\cbtbackgroundmanagerpolicy.dll") Region: id = 422 start_va = 0x7ff8f8230000 end_va = 0x7ff8f8255fff monitored = 0 entry_point = 0x7ff8f8237a80 region_type = mapped_file name = "acpbackgroundmanagerpolicy.dll" filename = "\\Windows\\System32\\ACPBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\acpbackgroundmanagerpolicy.dll") Region: id = 423 start_va = 0x7ff8f8260000 end_va = 0x7ff8f826ffff monitored = 0 entry_point = 0x7ff8f82623f0 region_type = mapped_file name = "backgroundmediapolicy.dll" filename = "\\Windows\\System32\\BackgroundMediaPolicy.dll" (normalized: "c:\\windows\\system32\\backgroundmediapolicy.dll") Region: id = 424 start_va = 0x7ff8f86a0000 end_va = 0x7ff8f86e3fff monitored = 0 entry_point = 0x7ff8f86ac010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 425 start_va = 0x7ff8f9cf0000 end_va = 0x7ff8f9cfbfff monitored = 0 entry_point = 0x7ff8f9cf2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 426 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 427 start_va = 0x7ff8fca60000 end_va = 0x7ff8fca6ffff monitored = 0 entry_point = 0x7ff8fca62c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 428 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 429 start_va = 0x7ff8fe380000 end_va = 0x7ff8fe3a0fff monitored = 0 entry_point = 0x7ff8fe3892a0 region_type = mapped_file name = "dab.dll" filename = "\\Windows\\System32\\dab.dll" (normalized: "c:\\windows\\system32\\dab.dll") Region: id = 430 start_va = 0x7ff8fe760000 end_va = 0x7ff8fe81dfff monitored = 0 entry_point = 0x7ff8fe7a2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 431 start_va = 0x7ff8fec10000 end_va = 0x7ff8fec88fff monitored = 0 entry_point = 0x7ff8fec2fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 432 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 433 start_va = 0x7ff8feff0000 end_va = 0x7ff8ff02ffff monitored = 0 entry_point = 0x7ff8ff001960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 434 start_va = 0x7ff8ff030000 end_va = 0x7ff8ff092fff monitored = 0 entry_point = 0x7ff8ff04c010 region_type = mapped_file name = "systemeventsbrokerserver.dll" filename = "\\Windows\\System32\\SystemEventsBrokerServer.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerserver.dll") Region: id = 435 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 436 start_va = 0x7ff8ff260000 end_va = 0x7ff8ff35ffff monitored = 0 entry_point = 0x7ff8ff2a0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 437 start_va = 0x7ff8ff360000 end_va = 0x7ff8ff3ecfff monitored = 0 entry_point = 0x7ff8ff38ac70 region_type = mapped_file name = "psmserviceexthost.dll" filename = "\\Windows\\System32\\PsmServiceExtHost.dll" (normalized: "c:\\windows\\system32\\psmserviceexthost.dll") Region: id = 438 start_va = 0x7ff8ff3f0000 end_va = 0x7ff8ff3fbfff monitored = 0 entry_point = 0x7ff8ff3f2480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 439 start_va = 0x7ff8ff400000 end_va = 0x7ff8ff4bbfff monitored = 0 entry_point = 0x7ff8ff43c480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 440 start_va = 0x7ff8ff500000 end_va = 0x7ff8ff529fff monitored = 0 entry_point = 0x7ff8ff508b90 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 441 start_va = 0x7ff8ff530000 end_va = 0x7ff8ff55ffff monitored = 0 entry_point = 0x7ff8ff53f7c0 region_type = mapped_file name = "psmsrv.dll" filename = "\\Windows\\System32\\psmsrv.dll" (normalized: "c:\\windows\\system32\\psmsrv.dll") Region: id = 442 start_va = 0x7ff8ff560000 end_va = 0x7ff8ff5f4fff monitored = 0 entry_point = 0x7ff8ff5936c0 region_type = mapped_file name = "bisrv.dll" filename = "\\Windows\\System32\\bisrv.dll" (normalized: "c:\\windows\\system32\\bisrv.dll") Region: id = 443 start_va = 0x7ff8ff640000 end_va = 0x7ff8ff722fff monitored = 0 entry_point = 0x7ff8ff69e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 444 start_va = 0x7ff8ff730000 end_va = 0x7ff8ff73bfff monitored = 0 entry_point = 0x7ff8ff732790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 445 start_va = 0x7ff8ff740000 end_va = 0x7ff8ff763fff monitored = 0 entry_point = 0x7ff8ff743260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 446 start_va = 0x7ff8ff770000 end_va = 0x7ff8ff867fff monitored = 0 entry_point = 0x7ff8ff77d580 region_type = mapped_file name = "tdh.dll" filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll") Region: id = 447 start_va = 0x7ff8ff870000 end_va = 0x7ff8ff885fff monitored = 0 entry_point = 0x7ff8ff873630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 448 start_va = 0x7ff8ff890000 end_va = 0x7ff8ff8b1fff monitored = 0 entry_point = 0x7ff8ff8975f0 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 449 start_va = 0x7ff8ff8c0000 end_va = 0x7ff8ff8dffff monitored = 0 entry_point = 0x7ff8ff8c1920 region_type = mapped_file name = "umpnpmgr.dll" filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll") Region: id = 450 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 451 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 452 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 453 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 454 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 455 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 456 start_va = 0x7ff9005b0000 end_va = 0x7ff9005c8fff monitored = 0 entry_point = 0x7ff9005b5e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 457 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 458 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 459 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 460 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 461 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 462 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 463 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 464 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 465 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 466 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 467 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 468 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 469 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 470 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 471 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 472 start_va = 0x7ff901f10000 end_va = 0x7ff901f7efff monitored = 0 entry_point = 0x7ff901f35f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 473 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 474 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 475 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 476 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 477 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 478 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 479 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2692 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 2693 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 2694 start_va = 0x7df5ffe40000 end_va = 0x7df5ffebdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 2699 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 2700 start_va = 0x7df5ffe40000 end_va = 0x7df5ffebdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 2701 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 2702 start_va = 0x7df5ffe40000 end_va = 0x7df5ffebdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 2715 start_va = 0x400000 end_va = 0x409fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "combase.dll.mui" filename = "\\Windows\\System32\\en-US\\combase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\combase.dll.mui") Region: id = 3166 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3167 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3168 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3218 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3224 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3244 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3245 start_va = 0x800000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 3246 start_va = 0x1840000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 3250 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3258 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3263 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3264 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3266 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3299 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3300 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3347 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3348 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3349 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3350 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3351 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3352 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3353 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3354 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3355 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3356 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3357 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3443 start_va = 0x410000 end_va = 0x440fff monitored = 0 entry_point = 0x4310e0 region_type = mapped_file name = "installagent.exe" filename = "\\Windows\\System32\\InstallAgent.exe" (normalized: "c:\\windows\\system32\\installagent.exe") Region: id = 3444 start_va = 0x410000 end_va = 0x437fff monitored = 0 entry_point = 0x4329c0 region_type = mapped_file name = "installagent.exe" filename = "\\Windows\\SysWOW64\\InstallAgent.exe" (normalized: "c:\\windows\\syswow64\\installagent.exe") Region: id = 3552 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3553 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3554 start_va = 0x7ff8fca70000 end_va = 0x7ff8fca82fff monitored = 0 entry_point = 0x7ff8fca72570 region_type = mapped_file name = "srumapi.dll" filename = "\\Windows\\System32\\srumapi.dll" (normalized: "c:\\windows\\system32\\srumapi.dll") Thread: id = 105 os_tid = 0x3ac Thread: id = 106 os_tid = 0x388 Thread: id = 107 os_tid = 0xbec Thread: id = 108 os_tid = 0xa58 Thread: id = 109 os_tid = 0xa54 Thread: id = 110 os_tid = 0x5c4 Thread: id = 111 os_tid = 0x5c0 Thread: id = 112 os_tid = 0x430 Thread: id = 113 os_tid = 0x370 Thread: id = 114 os_tid = 0x360 Thread: id = 115 os_tid = 0x32c Thread: id = 116 os_tid = 0x328 Thread: id = 117 os_tid = 0x2dc Thread: id = 118 os_tid = 0x2d8 Thread: id = 119 os_tid = 0x2c4 Thread: id = 120 os_tid = 0x2b4 Thread: id = 121 os_tid = 0x2a8 Thread: id = 122 os_tid = 0x2a0 Thread: id = 123 os_tid = 0x288 Thread: id = 124 os_tid = 0x278 Thread: id = 451 os_tid = 0x1028 Thread: id = 454 os_tid = 0x1088 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75c12000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:000096a6" [0xc000000f], "LOCAL" [0x7] Region: id = 632 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 633 start_va = 0x20000 end_va = 0x22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 634 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 635 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 636 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 637 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 638 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 639 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 640 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 641 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 642 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 643 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 644 start_va = 0x550000 end_va = 0x556fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 645 start_va = 0x590000 end_va = 0x596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 646 start_va = 0x5a0000 end_va = 0x5a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 647 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 648 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 649 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 650 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 651 start_va = 0xa00000 end_va = 0xd36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 652 start_va = 0xd40000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 653 start_va = 0xe40000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 654 start_va = 0xf40000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 655 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 656 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 657 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 658 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 659 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 660 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 661 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 662 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 663 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 664 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 665 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 666 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 667 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 668 start_va = 0x7ff8f3900000 end_va = 0x7ff8f391afff monitored = 0 entry_point = 0x7ff8f390af40 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 669 start_va = 0x7ff8f8fe0000 end_va = 0x7ff8f9046fff monitored = 0 entry_point = 0x7ff8f8fe63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 670 start_va = 0x7ff8fca60000 end_va = 0x7ff8fca6ffff monitored = 0 entry_point = 0x7ff8fca62c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 671 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 672 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 673 start_va = 0x7ff8ff600000 end_va = 0x7ff8ff612fff monitored = 0 entry_point = 0x7ff8ff601b60 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 674 start_va = 0x7ff8ff620000 end_va = 0x7ff8ff636fff monitored = 0 entry_point = 0x7ff8ff626180 region_type = mapped_file name = "rpcepmap.dll" filename = "\\Windows\\System32\\RpcEpMap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll") Region: id = 675 start_va = 0x7ff8ff640000 end_va = 0x7ff8ff722fff monitored = 0 entry_point = 0x7ff8ff69e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 676 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 677 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 678 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 679 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 680 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 681 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 682 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 683 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 684 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 685 start_va = 0x7ff901490000 end_va = 0x7ff901515fff monitored = 0 entry_point = 0x7ff90149d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 686 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 687 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 688 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 689 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 690 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 691 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 692 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 693 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 694 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3071 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 3162 start_va = 0x1e0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x1e44f0 region_type = mapped_file name = "runtimebroker.exe" filename = "\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe") Region: id = 3163 start_va = 0x1e0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x1e44f0 region_type = mapped_file name = "runtimebroker.exe" filename = "\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe") Region: id = 3259 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3260 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3358 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3360 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3391 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3392 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3409 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3435 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3441 start_va = 0x400000 end_va = 0x430fff monitored = 0 entry_point = 0x4210e0 region_type = mapped_file name = "installagent.exe" filename = "\\Windows\\System32\\InstallAgent.exe" (normalized: "c:\\windows\\system32\\installagent.exe") Region: id = 3442 start_va = 0x400000 end_va = 0x427fff monitored = 0 entry_point = 0x4229c0 region_type = mapped_file name = "installagent.exe" filename = "\\Windows\\SysWOW64\\InstallAgent.exe" (normalized: "c:\\windows\\syswow64\\installagent.exe") Region: id = 3492 start_va = 0x400000 end_va = 0x430fff monitored = 0 entry_point = 0x4210e0 region_type = mapped_file name = "installagent.exe" filename = "\\Windows\\System32\\InstallAgent.exe" (normalized: "c:\\windows\\system32\\installagent.exe") Region: id = 3498 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 3525 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3535 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3551 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Thread: id = 125 os_tid = 0x10a8 Thread: id = 126 os_tid = 0xf08 Thread: id = 127 os_tid = 0xaac Thread: id = 128 os_tid = 0x92c Thread: id = 129 os_tid = 0xb0c Thread: id = 130 os_tid = 0xaec Thread: id = 131 os_tid = 0x2d4 Thread: id = 132 os_tid = 0x2d0 Thread: id = 133 os_tid = 0x2bc Thread: id = 134 os_tid = 0x2b8 Thread: id = 135 os_tid = 0x2b0 Thread: id = 136 os_tid = 0x298 Thread: id = 443 os_tid = 0xaf0 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75c8e000" os_pid = "0x358" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac01" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1061 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1062 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1063 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1064 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1065 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1066 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1067 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1068 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 1069 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 1070 start_va = 0x130000 end_va = 0x141fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dnsapi.dll.mui" filename = "\\Windows\\System32\\en-US\\dnsapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dnsapi.dll.mui") Region: id = 1071 start_va = 0x150000 end_va = 0x159fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1072 start_va = 0x160000 end_va = 0x160fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 1073 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 1074 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1075 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1076 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1077 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1078 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1079 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1080 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1081 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1082 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1083 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1084 start_va = 0x5c0000 end_va = 0x5c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 1085 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 1086 start_va = 0x5e0000 end_va = 0x5ecfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1087 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1088 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1089 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1090 start_va = 0xa20000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 1091 start_va = 0xae0000 end_va = 0xae3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1092 start_va = 0xaf0000 end_va = 0xaf3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1093 start_va = 0xb00000 end_va = 0xb10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1094 start_va = 0xb20000 end_va = 0xb26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1095 start_va = 0xb30000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 1096 start_va = 0xbb0000 end_va = 0xbb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 1097 start_va = 0xbc0000 end_va = 0xbccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1098 start_va = 0xbd0000 end_va = 0xbd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 1099 start_va = 0xbe0000 end_va = 0xbe1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 1100 start_va = 0xbf0000 end_va = 0xbf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 1101 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 1102 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 1103 start_va = 0xd80000 end_va = 0xd88fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1104 start_va = 0xd90000 end_va = 0xda0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 1105 start_va = 0xdb0000 end_va = 0xdb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000db0000" filename = "" Region: id = 1106 start_va = 0xdc0000 end_va = 0xdc4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1107 start_va = 0xdd0000 end_va = 0xddffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1108 start_va = 0xde0000 end_va = 0xde2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1109 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1110 start_va = 0xf00000 end_va = 0x1236fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1111 start_va = 0x1240000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001240000" filename = "" Region: id = 1112 start_va = 0x1340000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1113 start_va = 0x1440000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 1114 start_va = 0x1540000 end_va = 0x163ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 1115 start_va = 0x1640000 end_va = 0x173ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001640000" filename = "" Region: id = 1116 start_va = 0x1740000 end_va = 0x17bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 1117 start_va = 0x17c0000 end_va = 0x17d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1118 start_va = 0x17e0000 end_va = 0x17f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 1119 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 1120 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1121 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1122 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 1123 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 1124 start_va = 0x1d00000 end_va = 0x1d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 1125 start_va = 0x1d80000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1126 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 1127 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 1128 start_va = 0x2000000 end_va = 0x20dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1129 start_va = 0x20e0000 end_va = 0x20f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 1130 start_va = 0x2100000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1131 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 1132 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1133 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1134 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1135 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1136 start_va = 0x2700000 end_va = 0x2744fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 1137 start_va = 0x2750000 end_va = 0x27ddfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1138 start_va = 0x27e0000 end_va = 0x27f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 1139 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1140 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1141 start_va = 0x2a00000 end_va = 0x2a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 1142 start_va = 0x2a80000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a80000" filename = "" Region: id = 1143 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1144 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 1145 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 1146 start_va = 0x2e00000 end_va = 0x2e10fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 1147 start_va = 0x2e20000 end_va = 0x2e30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 1148 start_va = 0x2e40000 end_va = 0x2e67fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 1149 start_va = 0x2e80000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e80000" filename = "" Region: id = 1150 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 1151 start_va = 0x3000000 end_va = 0x3030fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 1152 start_va = 0x3040000 end_va = 0x3050fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 1153 start_va = 0x3060000 end_va = 0x3070fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 1154 start_va = 0x3080000 end_va = 0x30b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 1155 start_va = 0x30c0000 end_va = 0x30f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 1156 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 1157 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 1158 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 1159 start_va = 0x3480000 end_va = 0x3497fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003480000" filename = "" Region: id = 1160 start_va = 0x34d0000 end_va = 0x34d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034d0000" filename = "" Region: id = 1161 start_va = 0x34e0000 end_va = 0x355ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000034e0000" filename = "" Region: id = 1162 start_va = 0x3560000 end_va = 0x35dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003560000" filename = "" Region: id = 1163 start_va = 0x3600000 end_va = 0x3606fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 1164 start_va = 0x3690000 end_va = 0x370ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003690000" filename = "" Region: id = 1165 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 1166 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1167 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 1168 start_va = 0x3b00000 end_va = 0x3b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 1169 start_va = 0x3b80000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b80000" filename = "" Region: id = 1170 start_va = 0x3c80000 end_va = 0x3d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c80000" filename = "" Region: id = 1171 start_va = 0x3d80000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d80000" filename = "" Region: id = 1172 start_va = 0x3e80000 end_va = 0x3f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 1173 start_va = 0x3f80000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f80000" filename = "" Region: id = 1174 start_va = 0x4080000 end_va = 0x417ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004080000" filename = "" Region: id = 1175 start_va = 0x4180000 end_va = 0x427ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004180000" filename = "" Region: id = 1176 start_va = 0x4280000 end_va = 0x437ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004280000" filename = "" Region: id = 1177 start_va = 0x4380000 end_va = 0x447ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Region: id = 1178 start_va = 0x4480000 end_va = 0x457ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 1179 start_va = 0x4650000 end_va = 0x4656fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004650000" filename = "" Region: id = 1180 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1181 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1182 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 1183 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1184 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 1185 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1186 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 1187 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1188 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1189 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1190 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 1191 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 1192 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1193 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 1194 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 1195 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 1196 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 1197 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 1198 start_va = 0x5a00000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 1199 start_va = 0x5b00000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 1200 start_va = 0x5c00000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 1201 start_va = 0x5f00000 end_va = 0x5ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 1202 start_va = 0x6000000 end_va = 0x60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006000000" filename = "" Region: id = 1203 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 1204 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 1205 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 1206 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 1207 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 1208 start_va = 0x6800000 end_va = 0x68fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006800000" filename = "" Region: id = 1209 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 1210 start_va = 0x6f00000 end_va = 0x6ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f00000" filename = "" Region: id = 1211 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 1212 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 1213 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Region: id = 1214 start_va = 0x8200000 end_va = 0x82fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008200000" filename = "" Region: id = 1215 start_va = 0x8300000 end_va = 0x83fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008300000" filename = "" Region: id = 1216 start_va = 0x8400000 end_va = 0x84fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008400000" filename = "" Region: id = 1217 start_va = 0x8500000 end_va = 0x85fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008500000" filename = "" Region: id = 1218 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1219 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1220 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1221 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1222 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1223 start_va = 0x7ff8ec140000 end_va = 0x7ff8ec214fff monitored = 0 entry_point = 0x7ff8ec15cf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1224 start_va = 0x7ff8eca90000 end_va = 0x7ff8ecad3fff monitored = 0 entry_point = 0x7ff8ecab83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 1225 start_va = 0x7ff8ecae0000 end_va = 0x7ff8ecb3cfff monitored = 0 entry_point = 0x7ff8ecb0e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 1226 start_va = 0x7ff8ed5b0000 end_va = 0x7ff8ed5c6fff monitored = 0 entry_point = 0x7ff8ed5b7520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 1227 start_va = 0x7ff8ed7a0000 end_va = 0x7ff8ed7c1fff monitored = 0 entry_point = 0x7ff8ed7b2540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1228 start_va = 0x7ff8eee40000 end_va = 0x7ff8eee53fff monitored = 0 entry_point = 0x7ff8eee43710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1229 start_va = 0x7ff8eeef0000 end_va = 0x7ff8eef0dfff monitored = 0 entry_point = 0x7ff8eeefef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1230 start_va = 0x7ff8f2690000 end_va = 0x7ff8f26f6fff monitored = 0 entry_point = 0x7ff8f269b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1231 start_va = 0x7ff8f35b0000 end_va = 0x7ff8f362ffff monitored = 0 entry_point = 0x7ff8f35dd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1232 start_va = 0x7ff8f3680000 end_va = 0x7ff8f36b5fff monitored = 0 entry_point = 0x7ff8f36827f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1233 start_va = 0x7ff8f36c0000 end_va = 0x7ff8f36d0fff monitored = 0 entry_point = 0x7ff8f36c7480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 1234 start_va = 0x7ff8f36e0000 end_va = 0x7ff8f3763fff monitored = 0 entry_point = 0x7ff8f36f8d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1235 start_va = 0x7ff8f3770000 end_va = 0x7ff8f3785fff monitored = 0 entry_point = 0x7ff8f37755e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1236 start_va = 0x7ff8f3790000 end_va = 0x7ff8f3865fff monitored = 0 entry_point = 0x7ff8f37ba800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1237 start_va = 0x7ff8f3940000 end_va = 0x7ff8f39a3fff monitored = 0 entry_point = 0x7ff8f395bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1238 start_va = 0x7ff8f39b0000 end_va = 0x7ff8f39d4fff monitored = 0 entry_point = 0x7ff8f39b9900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1239 start_va = 0x7ff8f39e0000 end_va = 0x7ff8f39f3fff monitored = 0 entry_point = 0x7ff8f39e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1240 start_va = 0x7ff8f3a00000 end_va = 0x7ff8f3af5fff monitored = 0 entry_point = 0x7ff8f3a39590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1241 start_va = 0x7ff8f3b00000 end_va = 0x7ff8f3b73fff monitored = 0 entry_point = 0x7ff8f3b15eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1242 start_va = 0x7ff8f3b80000 end_va = 0x7ff8f3cb6fff monitored = 0 entry_point = 0x7ff8f3bc0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1243 start_va = 0x7ff8f3d20000 end_va = 0x7ff8f3d35fff monitored = 0 entry_point = 0x7ff8f3d21d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1244 start_va = 0x7ff8f3f20000 end_va = 0x7ff8f3f35fff monitored = 0 entry_point = 0x7ff8f3f21af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1245 start_va = 0x7ff8f3f40000 end_va = 0x7ff8f3f59fff monitored = 0 entry_point = 0x7ff8f3f42330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1246 start_va = 0x7ff8f3f60000 end_va = 0x7ff8f3f6cfff monitored = 0 entry_point = 0x7ff8f3f61420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1247 start_va = 0x7ff8f3f70000 end_va = 0x7ff8f3f7efff monitored = 0 entry_point = 0x7ff8f3f74960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1248 start_va = 0x7ff8f4980000 end_va = 0x7ff8f498bfff monitored = 0 entry_point = 0x7ff8f49835c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1249 start_va = 0x7ff8f49e0000 end_va = 0x7ff8f4a1ffff monitored = 0 entry_point = 0x7ff8f49ecbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 1250 start_va = 0x7ff8f4a20000 end_va = 0x7ff8f4a66fff monitored = 0 entry_point = 0x7ff8f4a21d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 1251 start_va = 0x7ff8f62e0000 end_va = 0x7ff8f62f0fff monitored = 0 entry_point = 0x7ff8f62e2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1252 start_va = 0x7ff8f6320000 end_va = 0x7ff8f633dfff monitored = 0 entry_point = 0x7ff8f6323a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1253 start_va = 0x7ff8f6340000 end_va = 0x7ff8f63c1fff monitored = 0 entry_point = 0x7ff8f6342a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1254 start_va = 0x7ff8f6420000 end_va = 0x7ff8f6461fff monitored = 0 entry_point = 0x7ff8f6423670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1255 start_va = 0x7ff8f6470000 end_va = 0x7ff8f648efff monitored = 0 entry_point = 0x7ff8f64737e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 1256 start_va = 0x7ff8f6490000 end_va = 0x7ff8f6508fff monitored = 0 entry_point = 0x7ff8f64976a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 1257 start_va = 0x7ff8f6580000 end_va = 0x7ff8f65bffff monitored = 0 entry_point = 0x7ff8f6596c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1258 start_va = 0x7ff8f65c0000 end_va = 0x7ff8f6662fff monitored = 0 entry_point = 0x7ff8f65c2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1259 start_va = 0x7ff8f6670000 end_va = 0x7ff8f66c1fff monitored = 0 entry_point = 0x7ff8f6675770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1260 start_va = 0x7ff8f66e0000 end_va = 0x7ff8f670dfff monitored = 1 entry_point = 0x7ff8f66e2300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 1261 start_va = 0x7ff8f6710000 end_va = 0x7ff8f676dfff monitored = 0 entry_point = 0x7ff8f6715080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 1262 start_va = 0x7ff8f6770000 end_va = 0x7ff8f678ffff monitored = 0 entry_point = 0x7ff8f6771f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 1263 start_va = 0x7ff8f6790000 end_va = 0x7ff8f6798fff monitored = 0 entry_point = 0x7ff8f67918f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 1264 start_va = 0x7ff8f67a0000 end_va = 0x7ff8f67b0fff monitored = 0 entry_point = 0x7ff8f67a1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1265 start_va = 0x7ff8f67c0000 end_va = 0x7ff8f67d7fff monitored = 0 entry_point = 0x7ff8f67c4e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 1266 start_va = 0x7ff8f67e0000 end_va = 0x7ff8f6804fff monitored = 0 entry_point = 0x7ff8f67e5ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 1267 start_va = 0x7ff8f6990000 end_va = 0x7ff8f69d0fff monitored = 0 entry_point = 0x7ff8f6993750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1268 start_va = 0x7ff8f69e0000 end_va = 0x7ff8f6ad2fff monitored = 0 entry_point = 0x7ff8f6a05d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1269 start_va = 0x7ff8f6d10000 end_va = 0x7ff8f6d5bfff monitored = 0 entry_point = 0x7ff8f6d25310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1270 start_va = 0x7ff8f73e0000 end_va = 0x7ff8f73f7fff monitored = 0 entry_point = 0x7ff8f73e2000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1271 start_va = 0x7ff8f7400000 end_va = 0x7ff8f7581fff monitored = 0 entry_point = 0x7ff8f74182a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1272 start_va = 0x7ff8f7610000 end_va = 0x7ff8f768efff monitored = 0 entry_point = 0x7ff8f7627110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1273 start_va = 0x7ff8f7690000 end_va = 0x7ff8f76cbfff monitored = 0 entry_point = 0x7ff8f7696aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1274 start_va = 0x7ff8f7720000 end_va = 0x7ff8f7754fff monitored = 0 entry_point = 0x7ff8f772a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 1275 start_va = 0x7ff8f7760000 end_va = 0x7ff8f7777fff monitored = 0 entry_point = 0x7ff8f776b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 1276 start_va = 0x7ff8f7780000 end_va = 0x7ff8f7789fff monitored = 0 entry_point = 0x7ff8f77814c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1277 start_va = 0x7ff8f7bc0000 end_va = 0x7ff8f7bc8fff monitored = 0 entry_point = 0x7ff8f7bc21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 1278 start_va = 0x7ff8f7ef0000 end_va = 0x7ff8f7f21fff monitored = 0 entry_point = 0x7ff8f7efb0c0 region_type = mapped_file name = "shacct.dll" filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll") Region: id = 1279 start_va = 0x7ff8f80c0000 end_va = 0x7ff8f80d7fff monitored = 0 entry_point = 0x7ff8f80c1b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 1280 start_va = 0x7ff8f80e0000 end_va = 0x7ff8f80e7fff monitored = 0 entry_point = 0x7ff8f80e13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 1281 start_va = 0x7ff8f8c20000 end_va = 0x7ff8f8c31fff monitored = 0 entry_point = 0x7ff8f8c23580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1282 start_va = 0x7ff8f8cd0000 end_va = 0x7ff8f8cddfff monitored = 0 entry_point = 0x7ff8f8cd1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1283 start_va = 0x7ff8f8ce0000 end_va = 0x7ff8f8ceffff monitored = 0 entry_point = 0x7ff8f8ce1700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 1284 start_va = 0x7ff8f8cf0000 end_va = 0x7ff8f8cf8fff monitored = 0 entry_point = 0x7ff8f8cf1ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 1285 start_va = 0x7ff8f8d00000 end_va = 0x7ff8f8d2cfff monitored = 0 entry_point = 0x7ff8f8d02290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 1286 start_va = 0x7ff8f8d30000 end_va = 0x7ff8f8d81fff monitored = 0 entry_point = 0x7ff8f8d338e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 1287 start_va = 0x7ff8f8e20000 end_va = 0x7ff8f8e30fff monitored = 0 entry_point = 0x7ff8f8e228d0 region_type = mapped_file name = "credentialmigrationhandler.dll" filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll") Region: id = 1288 start_va = 0x7ff8f8e40000 end_va = 0x7ff8f8e54fff monitored = 0 entry_point = 0x7ff8f8e43460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1289 start_va = 0x7ff8f8e60000 end_va = 0x7ff8f8ef9fff monitored = 0 entry_point = 0x7ff8f8e7ada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1290 start_va = 0x7ff8f8fe0000 end_va = 0x7ff8f9046fff monitored = 0 entry_point = 0x7ff8f8fe63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1291 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1292 start_va = 0x7ff8f90d0000 end_va = 0x7ff8f9115fff monitored = 0 entry_point = 0x7ff8f90d79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 1293 start_va = 0x7ff8f91b0000 end_va = 0x7ff8f91c9fff monitored = 0 entry_point = 0x7ff8f91b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1294 start_va = 0x7ff8f91d0000 end_va = 0x7ff8f91e5fff monitored = 0 entry_point = 0x7ff8f91d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1295 start_va = 0x7ff8f9340000 end_va = 0x7ff8f93edfff monitored = 0 entry_point = 0x7ff8f93580c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1296 start_va = 0x7ff8f93f0000 end_va = 0x7ff8f9401fff monitored = 0 entry_point = 0x7ff8f93f9260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 1297 start_va = 0x7ff8f9410000 end_va = 0x7ff8f94c0fff monitored = 0 entry_point = 0x7ff8f94888b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 1298 start_va = 0x7ff8f94d0000 end_va = 0x7ff8f94f4fff monitored = 0 entry_point = 0x7ff8f94e2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 1299 start_va = 0x7ff8f9500000 end_va = 0x7ff8f9510fff monitored = 0 entry_point = 0x7ff8f9507ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 1300 start_va = 0x7ff8f9520000 end_va = 0x7ff8f9539fff monitored = 0 entry_point = 0x7ff8f9522cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 1301 start_va = 0x7ff8f9540000 end_va = 0x7ff8f9594fff monitored = 0 entry_point = 0x7ff8f9543fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1302 start_va = 0x7ff8f95a0000 end_va = 0x7ff8f95d6fff monitored = 0 entry_point = 0x7ff8f95a6020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 1303 start_va = 0x7ff8f95e0000 end_va = 0x7ff8f95fffff monitored = 0 entry_point = 0x7ff8f95e39a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 1304 start_va = 0x7ff8f9600000 end_va = 0x7ff8f960bfff monitored = 0 entry_point = 0x7ff8f96014d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1305 start_va = 0x7ff8f9610000 end_va = 0x7ff8f96cffff monitored = 0 entry_point = 0x7ff8f963fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1306 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1307 start_va = 0x7ff8f9710000 end_va = 0x7ff8f9750fff monitored = 0 entry_point = 0x7ff8f9714840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1308 start_va = 0x7ff8f9760000 end_va = 0x7ff8f9827fff monitored = 0 entry_point = 0x7ff8f97a13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1309 start_va = 0x7ff8f9830000 end_va = 0x7ff8f9890fff monitored = 0 entry_point = 0x7ff8f9834b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1310 start_va = 0x7ff8f98a0000 end_va = 0x7ff8f9a1bfff monitored = 0 entry_point = 0x7ff8f98f1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1311 start_va = 0x7ff8f9a20000 end_va = 0x7ff8f9a2afff monitored = 0 entry_point = 0x7ff8f9a21770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1312 start_va = 0x7ff8f9be0000 end_va = 0x7ff8f9c0dfff monitored = 0 entry_point = 0x7ff8f9be7550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1313 start_va = 0x7ff8f9c10000 end_va = 0x7ff8f9c1cfff monitored = 0 entry_point = 0x7ff8f9c12ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1314 start_va = 0x7ff8f9c20000 end_va = 0x7ff8f9c4efff monitored = 0 entry_point = 0x7ff8f9c28910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1315 start_va = 0x7ff8f9cf0000 end_va = 0x7ff8f9cfbfff monitored = 0 entry_point = 0x7ff8f9cf2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1316 start_va = 0x7ff8f9d00000 end_va = 0x7ff8f9d13fff monitored = 0 entry_point = 0x7ff8f9d02d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1317 start_va = 0x7ff8fa1b0000 end_va = 0x7ff8fa1c5fff monitored = 0 entry_point = 0x7ff8fa1b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1318 start_va = 0x7ff8fa260000 end_va = 0x7ff8fa278fff monitored = 0 entry_point = 0x7ff8fa264520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1319 start_va = 0x7ff8fa900000 end_va = 0x7ff8fa949fff monitored = 0 entry_point = 0x7ff8fa90ac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 1320 start_va = 0x7ff8faa10000 end_va = 0x7ff8faaf5fff monitored = 0 entry_point = 0x7ff8faa2cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1321 start_va = 0x7ff8fab50000 end_va = 0x7ff8fab66fff monitored = 0 entry_point = 0x7ff8fab55630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1322 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1323 start_va = 0x7ff8faeb0000 end_va = 0x7ff8fb231fff monitored = 0 entry_point = 0x7ff8faf01220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1324 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1325 start_va = 0x7ff8fc470000 end_va = 0x7ff8fc57dfff monitored = 0 entry_point = 0x7ff8fc4beaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1326 start_va = 0x7ff8fc950000 end_va = 0x7ff8fc98dfff monitored = 0 entry_point = 0x7ff8fc95a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1327 start_va = 0x7ff8fc990000 end_va = 0x7ff8fc9b6fff monitored = 0 entry_point = 0x7ff8fc993bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1328 start_va = 0x7ff8fc9c0000 end_va = 0x7ff8fc9d2fff monitored = 0 entry_point = 0x7ff8fc9c57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1329 start_va = 0x7ff8fc9e0000 end_va = 0x7ff8fca59fff monitored = 0 entry_point = 0x7ff8fca07630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1330 start_va = 0x7ff8fca60000 end_va = 0x7ff8fca6ffff monitored = 0 entry_point = 0x7ff8fca62c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1331 start_va = 0x7ff8fca90000 end_va = 0x7ff8fcafdfff monitored = 0 entry_point = 0x7ff8fca97f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1332 start_va = 0x7ff8fcb00000 end_va = 0x7ff8fcb10fff monitored = 0 entry_point = 0x7ff8fcb03320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1333 start_va = 0x7ff8fcb20000 end_va = 0x7ff8fcb74fff monitored = 0 entry_point = 0x7ff8fcb2fc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1334 start_va = 0x7ff8fcb80000 end_va = 0x7ff8fcbc0fff monitored = 0 entry_point = 0x7ff8fcb97eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1335 start_va = 0x7ff8fcbd0000 end_va = 0x7ff8fcccbfff monitored = 0 entry_point = 0x7ff8fcc06df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1336 start_va = 0x7ff8fccd0000 end_va = 0x7ff8fcd33fff monitored = 0 entry_point = 0x7ff8fcce5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1337 start_va = 0x7ff8fcf00000 end_va = 0x7ff8fcfbefff monitored = 0 entry_point = 0x7ff8fcf21c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1338 start_va = 0x7ff8fcff0000 end_va = 0x7ff8fd025fff monitored = 0 entry_point = 0x7ff8fd000070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1339 start_va = 0x7ff8fd8d0000 end_va = 0x7ff8fd8d9fff monitored = 0 entry_point = 0x7ff8fd8d1660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1340 start_va = 0x7ff8fd8e0000 end_va = 0x7ff8fd8f7fff monitored = 0 entry_point = 0x7ff8fd8e5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1341 start_va = 0x7ff8fd900000 end_va = 0x7ff8fda4cfff monitored = 0 entry_point = 0x7ff8fd943da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1342 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1343 start_va = 0x7ff8fe2b0000 end_va = 0x7ff8fe316fff monitored = 0 entry_point = 0x7ff8fe2ce710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1344 start_va = 0x7ff8fe370000 end_va = 0x7ff8fe377fff monitored = 0 entry_point = 0x7ff8fe3713e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1345 start_va = 0x7ff8fec10000 end_va = 0x7ff8fec88fff monitored = 0 entry_point = 0x7ff8fec2fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1346 start_va = 0x7ff8fec90000 end_va = 0x7ff8fee15fff monitored = 0 entry_point = 0x7ff8fecdd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1347 start_va = 0x7ff8fee20000 end_va = 0x7ff8fee3bfff monitored = 0 entry_point = 0x7ff8fee237a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1348 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1349 start_va = 0x7ff8fefa0000 end_va = 0x7ff8fefbcfff monitored = 0 entry_point = 0x7ff8fefa4f60 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 1350 start_va = 0x7ff8fefc0000 end_va = 0x7ff8fefdefff monitored = 0 entry_point = 0x7ff8fefc4960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1351 start_va = 0x7ff8feff0000 end_va = 0x7ff8ff02ffff monitored = 0 entry_point = 0x7ff8ff001960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1352 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1353 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1354 start_va = 0x7ff8ff260000 end_va = 0x7ff8ff35ffff monitored = 0 entry_point = 0x7ff8ff2a0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1355 start_va = 0x7ff8ff3f0000 end_va = 0x7ff8ff3fbfff monitored = 0 entry_point = 0x7ff8ff3f2480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1356 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1357 start_va = 0x7ff8ff730000 end_va = 0x7ff8ff73bfff monitored = 0 entry_point = 0x7ff8ff732790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1358 start_va = 0x7ff8ff740000 end_va = 0x7ff8ff763fff monitored = 0 entry_point = 0x7ff8ff743260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1359 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1360 start_va = 0x7ff8ffa30000 end_va = 0x7ff8ffa78fff monitored = 0 entry_point = 0x7ff8ffa3a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1361 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1362 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1363 start_va = 0x7ff8ffc90000 end_va = 0x7ff8ffd09fff monitored = 0 entry_point = 0x7ff8ffcb1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1364 start_va = 0x7ff8ffd50000 end_va = 0x7ff8ffd83fff monitored = 0 entry_point = 0x7ff8ffd6ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1365 start_va = 0x7ff8ffd90000 end_va = 0x7ff8ffd99fff monitored = 0 entry_point = 0x7ff8ffd91830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1366 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1367 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1368 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1369 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1370 start_va = 0x7ff900220000 end_va = 0x7ff900240fff monitored = 0 entry_point = 0x7ff900230250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1371 start_va = 0x7ff900270000 end_va = 0x7ff9002a9fff monitored = 0 entry_point = 0x7ff900278d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1372 start_va = 0x7ff9002b0000 end_va = 0x7ff9002d6fff monitored = 0 entry_point = 0x7ff9002c0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1373 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1374 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1375 start_va = 0x7ff9005b0000 end_va = 0x7ff9005c8fff monitored = 0 entry_point = 0x7ff9005b5e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1376 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1377 start_va = 0x7ff900600000 end_va = 0x7ff900698fff monitored = 0 entry_point = 0x7ff90062f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1378 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1379 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1380 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1381 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1382 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1383 start_va = 0x7ff9009a0000 end_va = 0x7ff9009f4fff monitored = 0 entry_point = 0x7ff9009b7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1384 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1385 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1386 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1387 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1388 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1389 start_va = 0x7ff901470000 end_va = 0x7ff901486fff monitored = 0 entry_point = 0x7ff901471390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1390 start_va = 0x7ff901490000 end_va = 0x7ff901515fff monitored = 0 entry_point = 0x7ff90149d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1391 start_va = 0x7ff901520000 end_va = 0x7ff90157bfff monitored = 0 entry_point = 0x7ff90153b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1392 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1393 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1394 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1395 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1396 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1397 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1398 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1399 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1400 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1401 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1402 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1403 start_va = 0x7ff9024a0000 end_va = 0x7ff9039fefff monitored = 0 entry_point = 0x7ff9026011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1404 start_va = 0x7ff903a00000 end_va = 0x7ff903e28fff monitored = 0 entry_point = 0x7ff903a28740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1405 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1406 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1407 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1408 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2532 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2873 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2874 start_va = 0x5d00000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 2875 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 2876 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 2877 start_va = 0x120000 end_va = 0x125fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2879 start_va = 0x120000 end_va = 0x127fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2880 start_va = 0x120000 end_va = 0x125fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3164 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3165 start_va = 0x120000 end_va = 0x121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3279 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 3280 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Thread: id = 137 os_tid = 0x1258 Thread: id = 138 os_tid = 0x1230 Thread: id = 139 os_tid = 0x122c Thread: id = 140 os_tid = 0xf1c Thread: id = 141 os_tid = 0xf04 Thread: id = 142 os_tid = 0x404 Thread: id = 143 os_tid = 0x224 Thread: id = 144 os_tid = 0x6f4 Thread: id = 145 os_tid = 0x3a4 Thread: id = 146 os_tid = 0x6e4 Thread: id = 147 os_tid = 0x578 Thread: id = 148 os_tid = 0x238 Thread: id = 149 os_tid = 0x31c Thread: id = 150 os_tid = 0xa7c Thread: id = 151 os_tid = 0x9c0 Thread: id = 152 os_tid = 0x8ac Thread: id = 153 os_tid = 0xb44 Thread: id = 154 os_tid = 0x424 Thread: id = 155 os_tid = 0xb90 Thread: id = 156 os_tid = 0xf4 Thread: id = 157 os_tid = 0xf0 Thread: id = 158 os_tid = 0x840 Thread: id = 159 os_tid = 0x3a8 Thread: id = 160 os_tid = 0x368 Thread: id = 161 os_tid = 0xbdc Thread: id = 162 os_tid = 0x9c4 Thread: id = 163 os_tid = 0x2ec Thread: id = 164 os_tid = 0x7c0 Thread: id = 165 os_tid = 0x814 Thread: id = 166 os_tid = 0x810 Thread: id = 167 os_tid = 0x80c Thread: id = 168 os_tid = 0x624 Thread: id = 169 os_tid = 0x788 Thread: id = 170 os_tid = 0x4dc Thread: id = 171 os_tid = 0x53c Thread: id = 172 os_tid = 0x618 Thread: id = 173 os_tid = 0x6f0 Thread: id = 174 os_tid = 0x6e8 Thread: id = 175 os_tid = 0x6ac Thread: id = 176 os_tid = 0x62c Thread: id = 177 os_tid = 0x4b8 Thread: id = 178 os_tid = 0x454 Thread: id = 179 os_tid = 0x45c Thread: id = 180 os_tid = 0x440 Thread: id = 181 os_tid = 0x270 Thread: id = 182 os_tid = 0x308 Thread: id = 183 os_tid = 0x7ec Thread: id = 184 os_tid = 0x518 Thread: id = 185 os_tid = 0x798 Thread: id = 186 os_tid = 0x74c Thread: id = 187 os_tid = 0x468 Thread: id = 188 os_tid = 0x70c Thread: id = 189 os_tid = 0x6d8 Thread: id = 190 os_tid = 0x5d8 Thread: id = 191 os_tid = 0x538 Thread: id = 192 os_tid = 0x4c0 Thread: id = 193 os_tid = 0x498 Thread: id = 194 os_tid = 0x490 Thread: id = 195 os_tid = 0x46c Thread: id = 196 os_tid = 0x458 Thread: id = 197 os_tid = 0x3bc Thread: id = 198 os_tid = 0x3b0 Thread: id = 199 os_tid = 0x2cc Thread: id = 200 os_tid = 0x160 Thread: id = 201 os_tid = 0x20c Thread: id = 202 os_tid = 0x150 Thread: id = 203 os_tid = 0x170 Thread: id = 204 os_tid = 0x154 Thread: id = 205 os_tid = 0x158 Thread: id = 206 os_tid = 0x3f4 Thread: id = 207 os_tid = 0x3e4 Thread: id = 208 os_tid = 0x35c Thread: id = 415 os_tid = 0x13b8 Thread: id = 416 os_tid = 0x13bc Thread: id = 417 os_tid = 0x13c0 Thread: id = 418 os_tid = 0x13c4 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74da3000" os_pid = "0x378" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xa], "NT SERVICE\\CoreMessagingRegistrar" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\NcdAutoSetup" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac06" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Region: id = 2098 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2099 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2100 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2101 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2102 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2103 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2104 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2105 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2106 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2107 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 2108 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 2109 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 2110 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 2111 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2112 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2113 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2114 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2115 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2116 start_va = 0x1b0000 end_va = 0x1b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bfe.dll.mui" filename = "\\Windows\\System32\\en-US\\bfe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\bfe.dll.mui") Region: id = 2117 start_va = 0x1c0000 end_va = 0x1e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 2118 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2119 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2120 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2121 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2122 start_va = 0x5c0000 end_va = 0x747fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2123 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 2124 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2125 start_va = 0x770000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 2126 start_va = 0x780000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 2127 start_va = 0x790000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 2128 start_va = 0x7a0000 end_va = 0x7a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 2129 start_va = 0x7b0000 end_va = 0x7b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 2130 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 2131 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 2132 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 2133 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 2134 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 2135 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 2136 start_va = 0xa90000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 2137 start_va = 0xb50000 end_va = 0xbd0fff monitored = 0 entry_point = 0xb5d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2138 start_va = 0xbe0000 end_va = 0xbe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 2139 start_va = 0xbf0000 end_va = 0xbf6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 2140 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2141 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2142 start_va = 0xd80000 end_va = 0xd81fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 2143 start_va = 0xd90000 end_va = 0xd90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d90000" filename = "" Region: id = 2144 start_va = 0xda0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 2145 start_va = 0xdc0000 end_va = 0xdc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 2146 start_va = 0xdd0000 end_va = 0xdd1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 2147 start_va = 0xdf0000 end_va = 0xdf6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000df0000" filename = "" Region: id = 2148 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2149 start_va = 0xf00000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 2150 start_va = 0x1700000 end_va = 0x170ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2151 start_va = 0x1760000 end_va = 0x176ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2152 start_va = 0x1770000 end_va = 0x177ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2153 start_va = 0x1780000 end_va = 0x178ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2154 start_va = 0x17a0000 end_va = 0x17affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2155 start_va = 0x17b0000 end_va = 0x17bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2156 start_va = 0x17c0000 end_va = 0x17cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2157 start_va = 0x17d0000 end_va = 0x17d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 2158 start_va = 0x17e0000 end_va = 0x17e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017e0000" filename = "" Region: id = 2159 start_va = 0x17f0000 end_va = 0x17f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017f0000" filename = "" Region: id = 2160 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 2161 start_va = 0x1900000 end_va = 0x190ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2162 start_va = 0x1910000 end_va = 0x1916fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001910000" filename = "" Region: id = 2163 start_va = 0x1920000 end_va = 0x192ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2164 start_va = 0x1930000 end_va = 0x193ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2165 start_va = 0x1950000 end_va = 0x19cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 2166 start_va = 0x19f0000 end_va = 0x19fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2167 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 2168 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 2169 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 2170 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 2171 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 2172 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 2173 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 2174 start_va = 0x2100000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 2175 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 2176 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 2177 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 2178 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 2179 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 2180 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 2181 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2182 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2183 start_va = 0x2a00000 end_va = 0x2d36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2184 start_va = 0x2d40000 end_va = 0x2e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 2185 start_va = 0x2e40000 end_va = 0x2f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 2186 start_va = 0x2f50000 end_va = 0x2f5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2187 start_va = 0x2f80000 end_va = 0x2f8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srudb.dat" filename = "\\Windows\\System32\\sru\\SRUDB.dat" (normalized: "c:\\windows\\system32\\sru\\srudb.dat") Region: id = 2188 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2189 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2190 start_va = 0x3200000 end_va = 0x3401fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 2191 start_va = 0x3410000 end_va = 0x350ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003410000" filename = "" Region: id = 2192 start_va = 0x3510000 end_va = 0x360ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 2193 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 2194 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 2195 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 2196 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 2197 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 2198 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 2199 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 2200 start_va = 0x3e00000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 2201 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 2202 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 2203 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 2204 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 2205 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 2206 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 2207 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 2208 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 2209 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 2210 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2211 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 2212 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 2213 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 2214 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 2215 start_va = 0x4d00000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d00000" filename = "" Region: id = 2216 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 2217 start_va = 0x4f00000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 2218 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 2219 start_va = 0x5100000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005100000" filename = "" Region: id = 2220 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2221 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2222 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 2223 start_va = 0x5500000 end_va = 0x55fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005500000" filename = "" Region: id = 2224 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 2225 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2226 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2227 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 2228 start_va = 0x5a00000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 2229 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 2230 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 2231 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2232 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2233 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2234 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2235 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2236 start_va = 0x7ff8f55e0000 end_va = 0x7ff8f562ffff monitored = 0 entry_point = 0x7ff8f55e2580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 2237 start_va = 0x7ff8f6300000 end_va = 0x7ff8f6314fff monitored = 0 entry_point = 0x7ff8f6303040 region_type = mapped_file name = "energyprov.dll" filename = "\\Windows\\System32\\energyprov.dll" (normalized: "c:\\windows\\system32\\energyprov.dll") Region: id = 2238 start_va = 0x7ff8f6410000 end_va = 0x7ff8f641bfff monitored = 0 entry_point = 0x7ff8f6413ab0 region_type = mapped_file name = "ncuprov.dll" filename = "\\Windows\\System32\\ncuprov.dll" (normalized: "c:\\windows\\system32\\ncuprov.dll") Region: id = 2239 start_va = 0x7ff8f6510000 end_va = 0x7ff8f651dfff monitored = 0 entry_point = 0x7ff8f6513c90 region_type = mapped_file name = "wpnsruprov.dll" filename = "\\Windows\\System32\\wpnsruprov.dll" (normalized: "c:\\windows\\system32\\wpnsruprov.dll") Region: id = 2240 start_va = 0x7ff8f6520000 end_va = 0x7ff8f6538fff monitored = 0 entry_point = 0x7ff8f652c2f0 region_type = mapped_file name = "appsruprov.dll" filename = "\\Windows\\System32\\appsruprov.dll" (normalized: "c:\\windows\\system32\\appsruprov.dll") Region: id = 2241 start_va = 0x7ff8f6540000 end_va = 0x7ff8f655afff monitored = 0 entry_point = 0x7ff8f654c6a0 region_type = mapped_file name = "eeprov.dll" filename = "\\Windows\\System32\\eeprov.dll" (normalized: "c:\\windows\\system32\\eeprov.dll") Region: id = 2242 start_va = 0x7ff8f6560000 end_va = 0x7ff8f6573fff monitored = 0 entry_point = 0x7ff8f6565d60 region_type = mapped_file name = "nduprov.dll" filename = "\\Windows\\System32\\nduprov.dll" (normalized: "c:\\windows\\system32\\nduprov.dll") Region: id = 2243 start_va = 0x7ff8f6580000 end_va = 0x7ff8f65bffff monitored = 0 entry_point = 0x7ff8f6596c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 2244 start_va = 0x7ff8f6830000 end_va = 0x7ff8f6866fff monitored = 0 entry_point = 0x7ff8f683a9e0 region_type = mapped_file name = "srumsvc.dll" filename = "\\Windows\\System32\\srumsvc.dll" (normalized: "c:\\windows\\system32\\srumsvc.dll") Region: id = 2245 start_va = 0x7ff8f6930000 end_va = 0x7ff8f694dfff monitored = 0 entry_point = 0x7ff8f6935190 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Region: id = 2246 start_va = 0x7ff8f6950000 end_va = 0x7ff8f6958fff monitored = 0 entry_point = 0x7ff8f6951620 region_type = mapped_file name = "pnpts.dll" filename = "\\Windows\\System32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll") Region: id = 2247 start_va = 0x7ff8f6b10000 end_va = 0x7ff8f6c75fff monitored = 0 entry_point = 0x7ff8f6b579f0 region_type = mapped_file name = "diagperf.dll" filename = "\\Windows\\System32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll") Region: id = 2248 start_va = 0x7ff8f6f20000 end_va = 0x7ff8f7218fff monitored = 0 entry_point = 0x7ff8f6fe7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 2249 start_va = 0x7ff8f72a0000 end_va = 0x7ff8f72abfff monitored = 0 entry_point = 0x7ff8f72a16a0 region_type = mapped_file name = "wfapigp.dll" filename = "\\Windows\\System32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll") Region: id = 2250 start_va = 0x7ff8f73c0000 end_va = 0x7ff8f73dcfff monitored = 0 entry_point = 0x7ff8f73c6190 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 2251 start_va = 0x7ff8f7590000 end_va = 0x7ff8f7597fff monitored = 0 entry_point = 0x7ff8f7591ab0 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2252 start_va = 0x7ff8f75a0000 end_va = 0x7ff8f75a7fff monitored = 0 entry_point = 0x7ff8f75a10a0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2253 start_va = 0x7ff8f75b0000 end_va = 0x7ff8f75b9fff monitored = 0 entry_point = 0x7ff8f75b15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 2254 start_va = 0x7ff8f76d0000 end_va = 0x7ff8f76fffff monitored = 0 entry_point = 0x7ff8f76da670 region_type = mapped_file name = "dps.dll" filename = "\\Windows\\System32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll") Region: id = 2255 start_va = 0x7ff8f7720000 end_va = 0x7ff8f7754fff monitored = 0 entry_point = 0x7ff8f772a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2256 start_va = 0x7ff8f7bb0000 end_va = 0x7ff8f7bb9fff monitored = 0 entry_point = 0x7ff8f7bb3070 region_type = mapped_file name = "adhapi.dll" filename = "\\Windows\\System32\\adhapi.dll" (normalized: "c:\\windows\\system32\\adhapi.dll") Region: id = 2257 start_va = 0x7ff8f7bc0000 end_va = 0x7ff8f7bc8fff monitored = 0 entry_point = 0x7ff8f7bc21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 2258 start_va = 0x7ff8f7bd0000 end_va = 0x7ff8f7cacfff monitored = 0 entry_point = 0x7ff8f7c05630 region_type = mapped_file name = "mpssvc.dll" filename = "\\Windows\\System32\\MPSSVC.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll") Region: id = 2259 start_va = 0x7ff8f7fd0000 end_va = 0x7ff8f809afff monitored = 0 entry_point = 0x7ff8f7ff87f0 region_type = mapped_file name = "bfe.dll" filename = "\\Windows\\System32\\BFE.DLL" (normalized: "c:\\windows\\system32\\bfe.dll") Region: id = 2260 start_va = 0x7ff8f8cd0000 end_va = 0x7ff8f8cddfff monitored = 0 entry_point = 0x7ff8f8cd1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2261 start_va = 0x7ff8f8fe0000 end_va = 0x7ff8f9046fff monitored = 0 entry_point = 0x7ff8f8fe63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2262 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2263 start_va = 0x7ff8f91b0000 end_va = 0x7ff8f91c9fff monitored = 0 entry_point = 0x7ff8f91b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2264 start_va = 0x7ff8f91d0000 end_va = 0x7ff8f91e5fff monitored = 0 entry_point = 0x7ff8f91d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2265 start_va = 0x7ff8f9540000 end_va = 0x7ff8f9594fff monitored = 0 entry_point = 0x7ff8f9543fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2266 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2267 start_va = 0x7ff8fa000000 end_va = 0x7ff8fa092fff monitored = 0 entry_point = 0x7ff8fa009680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 2268 start_va = 0x7ff8fa1b0000 end_va = 0x7ff8fa1c5fff monitored = 0 entry_point = 0x7ff8fa1b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2269 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2270 start_va = 0x7ff8faeb0000 end_va = 0x7ff8fb231fff monitored = 0 entry_point = 0x7ff8faf01220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2271 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2272 start_va = 0x7ff8fc470000 end_va = 0x7ff8fc57dfff monitored = 0 entry_point = 0x7ff8fc4beaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 2273 start_va = 0x7ff8fca70000 end_va = 0x7ff8fca82fff monitored = 0 entry_point = 0x7ff8fca72570 region_type = mapped_file name = "srumapi.dll" filename = "\\Windows\\System32\\srumapi.dll" (normalized: "c:\\windows\\system32\\srumapi.dll") Region: id = 2274 start_va = 0x7ff8fccd0000 end_va = 0x7ff8fcd33fff monitored = 0 entry_point = 0x7ff8fcce5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2275 start_va = 0x7ff8fcf00000 end_va = 0x7ff8fcfbefff monitored = 0 entry_point = 0x7ff8fcf21c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 2276 start_va = 0x7ff8fdcd0000 end_va = 0x7ff8fdd6bfff monitored = 0 entry_point = 0x7ff8fdd296a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 2277 start_va = 0x7ff8fe760000 end_va = 0x7ff8fe81dfff monitored = 0 entry_point = 0x7ff8fe7a2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 2278 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2279 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2280 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2281 start_va = 0x7ff8ff740000 end_va = 0x7ff8ff763fff monitored = 0 entry_point = 0x7ff8ff743260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2282 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2283 start_va = 0x7ff8ffa30000 end_va = 0x7ff8ffa78fff monitored = 0 entry_point = 0x7ff8ffa3a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 2284 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2285 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2286 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2287 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2288 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2289 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2290 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2291 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2292 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2293 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2294 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2295 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2296 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2297 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2298 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2299 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2300 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2301 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2302 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2303 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2304 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2305 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2306 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2307 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2308 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2309 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2310 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2311 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2312 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2336 start_va = 0x1710000 end_va = 0x1751fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001710000" filename = "" Region: id = 2528 start_va = 0x1710000 end_va = 0x1753fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001710000" filename = "" Region: id = 2541 start_va = 0x1710000 end_va = 0x1751fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001710000" filename = "" Region: id = 2676 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2677 start_va = 0x1710000 end_va = 0x1710fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001710000" filename = "" Region: id = 2685 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2686 start_va = 0x1700000 end_va = 0x1700fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 2689 start_va = 0xde0000 end_va = 0xde0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 2798 start_va = 0x110000 end_va = 0x151fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 3015 start_va = 0x110000 end_va = 0x151fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 3018 start_va = 0x110000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 3020 start_va = 0x110000 end_va = 0x151fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 3022 start_va = 0x110000 end_va = 0x151fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Thread: id = 209 os_tid = 0x2c0 Thread: id = 210 os_tid = 0x398 Thread: id = 211 os_tid = 0xbfc Thread: id = 212 os_tid = 0x344 Thread: id = 213 os_tid = 0xbb8 Thread: id = 214 os_tid = 0x284 Thread: id = 215 os_tid = 0xa10 Thread: id = 216 os_tid = 0x86c Thread: id = 217 os_tid = 0x7d0 Thread: id = 218 os_tid = 0x8c Thread: id = 219 os_tid = 0x5cc Thread: id = 220 os_tid = 0xa60 Thread: id = 221 os_tid = 0x478 Thread: id = 222 os_tid = 0x7fc Thread: id = 223 os_tid = 0x7f4 Thread: id = 224 os_tid = 0x790 Thread: id = 225 os_tid = 0x774 Thread: id = 226 os_tid = 0x768 Thread: id = 227 os_tid = 0x75c Thread: id = 228 os_tid = 0x720 Thread: id = 229 os_tid = 0x71c Thread: id = 230 os_tid = 0x700 Thread: id = 231 os_tid = 0x6fc Thread: id = 232 os_tid = 0x6f8 Thread: id = 233 os_tid = 0x6d0 Thread: id = 234 os_tid = 0x6c4 Thread: id = 235 os_tid = 0x6c0 Thread: id = 236 os_tid = 0x6b8 Thread: id = 237 os_tid = 0x6b0 Thread: id = 238 os_tid = 0x6a8 Thread: id = 239 os_tid = 0x6a4 Thread: id = 240 os_tid = 0x6a0 Thread: id = 241 os_tid = 0x69c Thread: id = 242 os_tid = 0x60c Thread: id = 243 os_tid = 0x3b4 Thread: id = 244 os_tid = 0x37c Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74dc2000" os_pid = "0x38c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\vmictimesync" [0xa], "NT SERVICE\\Wcmsvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c7a2" [0xc000000f], "LOCAL" [0x7] Region: id = 695 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 696 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 697 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 698 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 699 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 700 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 701 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 702 start_va = 0x100000 end_va = 0x100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 703 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 704 start_va = 0x120000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 705 start_va = 0x140000 end_va = 0x146fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 706 start_va = 0x150000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 707 start_va = 0x1d0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 708 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 709 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 710 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 711 start_va = 0x500000 end_va = 0x5bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 712 start_va = 0x5c0000 end_va = 0x747fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 713 start_va = 0x750000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 714 start_va = 0x770000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 715 start_va = 0x780000 end_va = 0x786fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 716 start_va = 0x790000 end_va = 0x7f3fff monitored = 0 entry_point = 0x7a5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 717 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 718 start_va = 0x900000 end_va = 0xa80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000900000" filename = "" Region: id = 719 start_va = 0xa90000 end_va = 0xb4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a90000" filename = "" Region: id = 720 start_va = 0xc50000 end_va = 0xc50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c50000" filename = "" Region: id = 721 start_va = 0xc60000 end_va = 0xc60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 722 start_va = 0xc70000 end_va = 0xc76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 723 start_va = 0xc80000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 724 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 725 start_va = 0xe00000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 726 start_va = 0xe80000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 727 start_va = 0xf00000 end_va = 0xf00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f00000" filename = "" Region: id = 728 start_va = 0xf10000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f10000" filename = "" Region: id = 729 start_va = 0xf90000 end_va = 0xf90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f90000" filename = "" Region: id = 730 start_va = 0xfa0000 end_va = 0xfa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fa0000" filename = "" Region: id = 731 start_va = 0x1000000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 732 start_va = 0x1160000 end_va = 0x1166fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 733 start_va = 0x1170000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001170000" filename = "" Region: id = 734 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 735 start_va = 0x1300000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 736 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 737 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 738 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 739 start_va = 0x1500000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 740 start_va = 0x1600000 end_va = 0x167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 741 start_va = 0x1690000 end_va = 0x178ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001690000" filename = "" Region: id = 742 start_va = 0x1800000 end_va = 0x18fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001800000" filename = "" Region: id = 743 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 744 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 745 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 746 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 747 start_va = 0x1d00000 end_va = 0x2036fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 748 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 749 start_va = 0x2140000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 750 start_va = 0x2240000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 751 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 752 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 753 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 754 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 755 start_va = 0x2900000 end_va = 0x29dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 756 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 757 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 758 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 759 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 760 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 761 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 762 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 763 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 764 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 765 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 766 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 767 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 768 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 769 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 770 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 771 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 772 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 773 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 774 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 775 start_va = 0x7ff8ebad0000 end_va = 0x7ff8ebb02fff monitored = 0 entry_point = 0x7ff8ebadae20 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 776 start_va = 0x7ff8ecb40000 end_va = 0x7ff8eccf7fff monitored = 0 entry_point = 0x7ff8ecb45550 region_type = mapped_file name = "wmalfxgfxdsp.dll" filename = "\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll") Region: id = 777 start_va = 0x7ff8ee740000 end_va = 0x7ff8ee7c7fff monitored = 0 entry_point = 0x7ff8ee754510 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 778 start_va = 0x7ff8f39e0000 end_va = 0x7ff8f39f3fff monitored = 0 entry_point = 0x7ff8f39e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 779 start_va = 0x7ff8f3a00000 end_va = 0x7ff8f3af5fff monitored = 0 entry_point = 0x7ff8f3a39590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 780 start_va = 0x7ff8f62e0000 end_va = 0x7ff8f62f0fff monitored = 0 entry_point = 0x7ff8f62e2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 781 start_va = 0x7ff8f7610000 end_va = 0x7ff8f768efff monitored = 0 entry_point = 0x7ff8f7627110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 782 start_va = 0x7ff8f7cb0000 end_va = 0x7ff8f7cdafff monitored = 0 entry_point = 0x7ff8f7cbc3c0 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 783 start_va = 0x7ff8f7ce0000 end_va = 0x7ff8f7decfff monitored = 0 entry_point = 0x7ff8f7d0f420 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 784 start_va = 0x7ff8f90a0000 end_va = 0x7ff8f90adfff monitored = 0 entry_point = 0x7ff8f90a2e50 region_type = mapped_file name = "cmintegrator.dll" filename = "\\Windows\\System32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll") Region: id = 785 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 786 start_va = 0x7ff8f9160000 end_va = 0x7ff8f91a7fff monitored = 0 entry_point = 0x7ff8f916a1e0 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 787 start_va = 0x7ff8f91b0000 end_va = 0x7ff8f91c9fff monitored = 0 entry_point = 0x7ff8f91b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 788 start_va = 0x7ff8f91d0000 end_va = 0x7ff8f91e5fff monitored = 0 entry_point = 0x7ff8f91d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 789 start_va = 0x7ff8f91f0000 end_va = 0x7ff8f9227fff monitored = 0 entry_point = 0x7ff8f91f68f0 region_type = mapped_file name = "wcmcsp.dll" filename = "\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll") Region: id = 790 start_va = 0x7ff8f9230000 end_va = 0x7ff8f928cfff monitored = 0 entry_point = 0x7ff8f9242bf0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 791 start_va = 0x7ff8f9290000 end_va = 0x7ff8f9328fff monitored = 0 entry_point = 0x7ff8f92aa090 region_type = mapped_file name = "wcmsvc.dll" filename = "\\Windows\\System32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll") Region: id = 792 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 793 start_va = 0x7ff8f9760000 end_va = 0x7ff8f9827fff monitored = 0 entry_point = 0x7ff8f97a13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 794 start_va = 0x7ff8f9ad0000 end_va = 0x7ff8f9bdafff monitored = 0 entry_point = 0x7ff8f9b12610 region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 795 start_va = 0x7ff8fa900000 end_va = 0x7ff8fa949fff monitored = 0 entry_point = 0x7ff8fa90ac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 796 start_va = 0x7ff8fa950000 end_va = 0x7ff8fa9bffff monitored = 0 entry_point = 0x7ff8fa972960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 797 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 798 start_va = 0x7ff8fcb00000 end_va = 0x7ff8fcb10fff monitored = 0 entry_point = 0x7ff8fcb03320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 799 start_va = 0x7ff8fcd40000 end_va = 0x7ff8fcef0fff monitored = 0 entry_point = 0x7ff8fcd93690 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 800 start_va = 0x7ff8fd8b0000 end_va = 0x7ff8fd8b8fff monitored = 0 entry_point = 0x7ff8fd8b19a0 region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 801 start_va = 0x7ff8fd8c0000 end_va = 0x7ff8fd8cafff monitored = 0 entry_point = 0x7ff8fd8c1cd0 region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 802 start_va = 0x7ff8fd8e0000 end_va = 0x7ff8fd8f7fff monitored = 0 entry_point = 0x7ff8fd8e5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 803 start_va = 0x7ff8fec90000 end_va = 0x7ff8fee15fff monitored = 0 entry_point = 0x7ff8fecdd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 804 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 805 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 806 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 807 start_va = 0x7ff8ff260000 end_va = 0x7ff8ff35ffff monitored = 0 entry_point = 0x7ff8ff2a0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 808 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 809 start_va = 0x7ff8ff740000 end_va = 0x7ff8ff763fff monitored = 0 entry_point = 0x7ff8ff743260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 810 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 811 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 812 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 813 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 814 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 815 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 816 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 817 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 818 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 819 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 820 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 821 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 822 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 823 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 824 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 825 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 826 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 827 start_va = 0x7ff901490000 end_va = 0x7ff901515fff monitored = 0 entry_point = 0x7ff90149d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 828 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 829 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 830 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 831 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 832 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 833 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 834 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 835 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 836 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 837 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 838 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 839 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 840 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 841 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1511 start_va = 0x3e00000 end_va = 0x3f3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comres.dll" filename = "\\Windows\\System32\\comres.dll" (normalized: "c:\\windows\\system32\\comres.dll") Region: id = 2799 start_va = 0x3e00000 end_va = 0x405cfff monitored = 0 entry_point = 0x3e88610 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 2801 start_va = 0xb50000 end_va = 0xb57fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtcvsp1res.dll" filename = "\\Windows\\System32\\msdtcVSp1res.dll" (normalized: "c:\\windows\\system32\\msdtcvsp1res.dll") Region: id = 2803 start_va = 0xb50000 end_va = 0xbe4fff monitored = 0 entry_point = 0xb836c0 region_type = mapped_file name = "bisrv.dll" filename = "\\Windows\\System32\\bisrv.dll" (normalized: "c:\\windows\\system32\\bisrv.dll") Region: id = 2976 start_va = 0x3500000 end_va = 0x363efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comres.dll" filename = "\\Windows\\System32\\comres.dll" (normalized: "c:\\windows\\system32\\comres.dll") Region: id = 3389 start_va = 0xb50000 end_va = 0xb74fff monitored = 0 entry_point = 0xb5b320 region_type = mapped_file name = "loadperf.dll" filename = "\\Windows\\System32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll") Thread: id = 245 os_tid = 0x558 Thread: id = 246 os_tid = 0xb6c Thread: id = 247 os_tid = 0x334 Thread: id = 248 os_tid = 0x43c Thread: id = 249 os_tid = 0x1cc Thread: id = 250 os_tid = 0x444 Thread: id = 251 os_tid = 0x4d8 Thread: id = 252 os_tid = 0x474 Thread: id = 253 os_tid = 0x874 Thread: id = 254 os_tid = 0x7d4 Thread: id = 255 os_tid = 0xae8 Thread: id = 256 os_tid = 0x9d0 Thread: id = 257 os_tid = 0xba8 Thread: id = 258 os_tid = 0x49c Thread: id = 259 os_tid = 0x494 Thread: id = 260 os_tid = 0x48c Thread: id = 261 os_tid = 0x488 Thread: id = 262 os_tid = 0x470 Thread: id = 263 os_tid = 0x44c Thread: id = 264 os_tid = 0x448 Thread: id = 265 os_tid = 0x324 Thread: id = 266 os_tid = 0x174 Thread: id = 267 os_tid = 0x178 Thread: id = 268 os_tid = 0x180 Thread: id = 269 os_tid = 0x128 Thread: id = 270 os_tid = 0x124 Thread: id = 271 os_tid = 0x390 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74ad2000" os_pid = "0x39c" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BthHFSrv" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TimeBroker" [0xe], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c87d" [0xc000000f], "LOCAL" [0x7] Region: id = 2716 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2717 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2718 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2719 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2720 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2721 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2722 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2723 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2724 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2725 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2726 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2727 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2728 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2729 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2730 start_va = 0x570000 end_va = 0x576fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 2731 start_va = 0x5c0000 end_va = 0x5c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2732 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2733 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2734 start_va = 0x8e0000 end_va = 0x8e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008e0000" filename = "" Region: id = 2735 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 2736 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 2737 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2738 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2739 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 2740 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 2741 start_va = 0x1000000 end_va = 0x1336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2742 start_va = 0x1440000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 2743 start_va = 0x1540000 end_va = 0x163ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 2744 start_va = 0x1740000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 2745 start_va = 0x1840000 end_va = 0x193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 2746 start_va = 0x1940000 end_va = 0x1a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001940000" filename = "" Region: id = 2747 start_va = 0x1a40000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a40000" filename = "" Region: id = 2748 start_va = 0x1c40000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 2749 start_va = 0x1d40000 end_va = 0x1e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d40000" filename = "" Region: id = 2750 start_va = 0x1e40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 2751 start_va = 0x1f40000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 2752 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2753 start_va = 0x2140000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 2754 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2755 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2756 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2757 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2758 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2759 start_va = 0x7ff8f7590000 end_va = 0x7ff8f7597fff monitored = 0 entry_point = 0x7ff8f7591ab0 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2760 start_va = 0x7ff8f75a0000 end_va = 0x7ff8f75a7fff monitored = 0 entry_point = 0x7ff8f75a10a0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2761 start_va = 0x7ff8f75b0000 end_va = 0x7ff8f75b9fff monitored = 0 entry_point = 0x7ff8f75b15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 2762 start_va = 0x7ff8f86a0000 end_va = 0x7ff8f86e3fff monitored = 0 entry_point = 0x7ff8f86ac010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 2763 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2764 start_va = 0x7ff8f91b0000 end_va = 0x7ff8f91c9fff monitored = 0 entry_point = 0x7ff8f91b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2765 start_va = 0x7ff8f91d0000 end_va = 0x7ff8f91e5fff monitored = 0 entry_point = 0x7ff8f91d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2766 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2767 start_va = 0x7ff8f9cf0000 end_va = 0x7ff8f9cfbfff monitored = 0 entry_point = 0x7ff8f9cf2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 2768 start_va = 0x7ff8fab00000 end_va = 0x7ff8fab40fff monitored = 0 entry_point = 0x7ff8fab11de0 region_type = mapped_file name = "ssdpsrv.dll" filename = "\\Windows\\System32\\ssdpsrv.dll" (normalized: "c:\\windows\\system32\\ssdpsrv.dll") Region: id = 2769 start_va = 0x7ff8fd880000 end_va = 0x7ff8fd8abfff monitored = 0 entry_point = 0x7ff8fd88ad60 region_type = mapped_file name = "timebrokerserver.dll" filename = "\\Windows\\System32\\TimeBrokerServer.dll" (normalized: "c:\\windows\\system32\\timebrokerserver.dll") Region: id = 2770 start_va = 0x7ff8fe760000 end_va = 0x7ff8fe81dfff monitored = 0 entry_point = 0x7ff8fe7a2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 2771 start_va = 0x7ff8feff0000 end_va = 0x7ff8ff02ffff monitored = 0 entry_point = 0x7ff8ff001960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 2772 start_va = 0x7ff8ff260000 end_va = 0x7ff8ff35ffff monitored = 0 entry_point = 0x7ff8ff2a0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2773 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2774 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2775 start_va = 0x7ff8ffd50000 end_va = 0x7ff8ffd83fff monitored = 0 entry_point = 0x7ff8ffd6ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2776 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2777 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2778 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2779 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2780 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2781 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2782 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2783 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2784 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2785 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2786 start_va = 0x7ff901490000 end_va = 0x7ff901515fff monitored = 0 entry_point = 0x7ff90149d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2787 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2788 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2789 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2790 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2791 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2792 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2793 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2794 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2795 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2796 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2797 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 272 os_tid = 0x268 Thread: id = 273 os_tid = 0x384 Thread: id = 274 os_tid = 0xbc4 Thread: id = 275 os_tid = 0x754 Thread: id = 276 os_tid = 0xa28 Thread: id = 277 os_tid = 0x554 Thread: id = 278 os_tid = 0x1dc Thread: id = 279 os_tid = 0x764 Thread: id = 280 os_tid = 0x2f8 Thread: id = 281 os_tid = 0xac8 Thread: id = 282 os_tid = 0xad4 Thread: id = 283 os_tid = 0xabc Thread: id = 284 os_tid = 0xacc Thread: id = 285 os_tid = 0x3c8 Thread: id = 286 os_tid = 0x3c4 Thread: id = 287 os_tid = 0x3a0 Process: id = "10" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x73b12000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d0ae" [0xc000000f], "LOCAL" [0x7] Region: id = 2547 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2548 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2549 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2550 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2551 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2552 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2553 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2554 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2555 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2556 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2557 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 2558 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2559 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2560 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2561 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2562 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2563 start_va = 0x560000 end_va = 0x561fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netprofmsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui") Region: id = 2564 start_va = 0x570000 end_va = 0x59dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 2565 start_va = 0x5a0000 end_va = 0x5a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2566 start_va = 0x5b0000 end_va = 0x5f8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 2567 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2568 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 2569 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 2570 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 2571 start_va = 0xb20000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 2572 start_va = 0xba0000 end_va = 0xc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 2573 start_va = 0xca0000 end_va = 0xca1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ca0000" filename = "" Region: id = 2574 start_va = 0xcb0000 end_va = 0xcb4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 2575 start_va = 0xcc0000 end_va = 0xcc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 2576 start_va = 0xcd0000 end_va = 0xce1fff monitored = 0 entry_point = 0xcf7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2577 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2578 start_va = 0xe00000 end_va = 0xedffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2579 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 2580 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 2581 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2582 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 2583 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 2584 start_va = 0x1500000 end_va = 0x24fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 2585 start_va = 0x2500000 end_va = 0x2836fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2586 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 2587 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 2588 start_va = 0x2b40000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 2589 start_va = 0x2c40000 end_va = 0x2d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c40000" filename = "" Region: id = 2590 start_va = 0x2d40000 end_va = 0x2e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 2591 start_va = 0x2f40000 end_va = 0x303ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f40000" filename = "" Region: id = 2592 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2593 start_va = 0x3240000 end_va = 0x333ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 2594 start_va = 0x3340000 end_va = 0x343ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 2595 start_va = 0x3440000 end_va = 0x353ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003440000" filename = "" Region: id = 2596 start_va = 0x3540000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003540000" filename = "" Region: id = 2597 start_va = 0x3640000 end_va = 0x373ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003640000" filename = "" Region: id = 2598 start_va = 0x3740000 end_va = 0x383ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003740000" filename = "" Region: id = 2599 start_va = 0x3840000 end_va = 0x393ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003840000" filename = "" Region: id = 2600 start_va = 0x3940000 end_va = 0x3a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003940000" filename = "" Region: id = 2601 start_va = 0x3a40000 end_va = 0x3b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a40000" filename = "" Region: id = 2602 start_va = 0x3b40000 end_va = 0x3c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b40000" filename = "" Region: id = 2603 start_va = 0x3c40000 end_va = 0x3d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c40000" filename = "" Region: id = 2604 start_va = 0x3d40000 end_va = 0x3e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d40000" filename = "" Region: id = 2605 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 2606 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 2607 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 2608 start_va = 0x4300000 end_va = 0x4afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 2609 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2610 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2611 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2612 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2613 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2614 start_va = 0x7ff8f6960000 end_va = 0x7ff8f6977fff monitored = 0 entry_point = 0x7ff8f6964a20 region_type = mapped_file name = "perftrack.dll" filename = "\\Windows\\System32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll") Region: id = 2615 start_va = 0x7ff8f73c0000 end_va = 0x7ff8f73dcfff monitored = 0 entry_point = 0x7ff8f73c6190 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 2616 start_va = 0x7ff8f7780000 end_va = 0x7ff8f7789fff monitored = 0 entry_point = 0x7ff8f77814c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2617 start_va = 0x7ff8f8170000 end_va = 0x7ff8f818dfff monitored = 0 entry_point = 0x7ff8f8171690 region_type = mapped_file name = "bluetoothapis.dll" filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll") Region: id = 2618 start_va = 0x7ff8f8190000 end_va = 0x7ff8f81a8fff monitored = 0 entry_point = 0x7ff8f8192180 region_type = mapped_file name = "bthradiomedia.dll" filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll") Region: id = 2619 start_va = 0x7ff8f81b0000 end_va = 0x7ff8f81c3fff monitored = 0 entry_point = 0x7ff8f81b1a50 region_type = mapped_file name = "wlanradiomanager.dll" filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll") Region: id = 2620 start_va = 0x7ff8f8cd0000 end_va = 0x7ff8f8cddfff monitored = 0 entry_point = 0x7ff8f8cd1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 2621 start_va = 0x7ff8f8d90000 end_va = 0x7ff8f8e1afff monitored = 0 entry_point = 0x7ff8f8dad2a0 region_type = mapped_file name = "netprofmsvc.dll" filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll") Region: id = 2622 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2623 start_va = 0x7ff8f91b0000 end_va = 0x7ff8f91c9fff monitored = 0 entry_point = 0x7ff8f91b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2624 start_va = 0x7ff8f91d0000 end_va = 0x7ff8f91e5fff monitored = 0 entry_point = 0x7ff8f91d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2625 start_va = 0x7ff8f9330000 end_va = 0x7ff8f933cfff monitored = 0 entry_point = 0x7ff8f9332650 region_type = mapped_file name = "nsisvc.dll" filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll") Region: id = 2626 start_va = 0x7ff8f9600000 end_va = 0x7ff8f960bfff monitored = 0 entry_point = 0x7ff8f96014d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 2627 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2628 start_va = 0x7ff8f9760000 end_va = 0x7ff8f9827fff monitored = 0 entry_point = 0x7ff8f97a13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 2629 start_va = 0x7ff8f9830000 end_va = 0x7ff8f9890fff monitored = 0 entry_point = 0x7ff8f9834b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 2630 start_va = 0x7ff8fa330000 end_va = 0x7ff8fa358fff monitored = 0 entry_point = 0x7ff8fa3424d0 region_type = mapped_file name = "fontprovider.dll" filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll") Region: id = 2631 start_va = 0x7ff8fa750000 end_va = 0x7ff8fa8f1fff monitored = 0 entry_point = 0x7ff8fa79c2d0 region_type = mapped_file name = "fntcache.dll" filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll") Region: id = 2632 start_va = 0x7ff8fa900000 end_va = 0x7ff8fa949fff monitored = 0 entry_point = 0x7ff8fa90ac30 region_type = mapped_file name = "deviceaccess.dll" filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll") Region: id = 2633 start_va = 0x7ff8fab70000 end_va = 0x7ff8faba2fff monitored = 0 entry_point = 0x7ff8fab7d5a0 region_type = mapped_file name = "biwinrt.dll" filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll") Region: id = 2634 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2635 start_va = 0x7ff8fac50000 end_va = 0x7ff8facc8fff monitored = 0 entry_point = 0x7ff8fac67800 region_type = mapped_file name = "geolocation.dll" filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll") Region: id = 2636 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2637 start_va = 0x7ff8fc9e0000 end_va = 0x7ff8fca59fff monitored = 0 entry_point = 0x7ff8fca07630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 2638 start_va = 0x7ff8fd8e0000 end_va = 0x7ff8fd8f7fff monitored = 0 entry_point = 0x7ff8fd8e5910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2639 start_va = 0x7ff8fef80000 end_va = 0x7ff8fef91fff monitored = 0 entry_point = 0x7ff8fef81a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 2640 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2641 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2642 start_va = 0x7ff8ff260000 end_va = 0x7ff8ff35ffff monitored = 0 entry_point = 0x7ff8ff2a0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 2643 start_va = 0x7ff8ff740000 end_va = 0x7ff8ff763fff monitored = 0 entry_point = 0x7ff8ff743260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2644 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2645 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2646 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2647 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2648 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2649 start_va = 0x7ff900600000 end_va = 0x7ff900698fff monitored = 0 entry_point = 0x7ff90062f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 2650 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2651 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2652 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2653 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2654 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2655 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2656 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2657 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2658 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2659 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2660 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2661 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2662 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2663 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2664 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2665 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2666 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2667 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2668 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2669 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 288 os_tid = 0x980 Thread: id = 289 os_tid = 0x1c0 Thread: id = 290 os_tid = 0xbe8 Thread: id = 291 os_tid = 0xb5c Thread: id = 292 os_tid = 0x878 Thread: id = 293 os_tid = 0xb10 Thread: id = 294 os_tid = 0xb48 Thread: id = 295 os_tid = 0x804 Thread: id = 296 os_tid = 0x14c Thread: id = 297 os_tid = 0x8a0 Thread: id = 298 os_tid = 0x78c Thread: id = 299 os_tid = 0x780 Thread: id = 300 os_tid = 0x714 Thread: id = 301 os_tid = 0x56c Thread: id = 302 os_tid = 0x568 Thread: id = 303 os_tid = 0x564 Thread: id = 304 os_tid = 0x560 Thread: id = 305 os_tid = 0x54c Thread: id = 306 os_tid = 0x540 Thread: id = 307 os_tid = 0x418 Thread: id = 308 os_tid = 0x414 Thread: id = 309 os_tid = 0x410 Thread: id = 310 os_tid = 0x8 Thread: id = 311 os_tid = 0x280 Thread: id = 312 os_tid = 0x264 Thread: id = 313 os_tid = 0x3fc Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x72a1e000" os_pid = "0x148" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xa], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\DeviceAssociationService" [0xa], "NT SERVICE\\DevQueryBroker" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\DsSvc" [0xa], "NT SERVICE\\fhsvc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\NcbService" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\NgcSvc" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\ScDeviceEnum" [0xa], "NT SERVICE\\SensorService" [0xa], "NT SERVICE\\SmsRouter" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\svsvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\vmicguestinterface" [0xa], "NT SERVICE\\vmickvpexchange" [0xa], "NT SERVICE\\vmicshutdown" [0xa], "NT SERVICE\\vmicvmsession" [0xa], "NT SERVICE\\vmicvss" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\WiaRpc" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xe], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d2ba" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 480 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 481 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 482 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 483 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 484 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 485 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 486 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 487 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 488 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 489 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 490 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 491 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 492 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 493 start_va = 0x400000 end_va = 0x443fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 494 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 495 start_va = 0x540000 end_va = 0x540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 496 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 497 start_va = 0x560000 end_va = 0x560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mmdevapi.dll.mui" filename = "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui") Region: id = 498 start_va = 0x570000 end_va = 0x576fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 499 start_va = 0x580000 end_va = 0x580fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "audioendpointbuilder.dll.mui" filename = "\\Windows\\System32\\en-US\\AudioEndpointBuilder.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\audioendpointbuilder.dll.mui") Region: id = 500 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 501 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.dll.mui" filename = "\\Windows\\System32\\en-US\\sysmain.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sysmain.dll.mui") Region: id = 502 start_va = 0x5d0000 end_va = 0x5d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 503 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 504 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 505 start_va = 0x8b0000 end_va = 0x8b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 506 start_va = 0x8c0000 end_va = 0x8f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pfpre_e95f858f.mkd" filename = "\\Windows\\Prefetch\\PfPre_e95f858f.mkd" (normalized: "c:\\windows\\prefetch\\pfpre_e95f858f.mkd") Region: id = 507 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 508 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 509 start_va = 0xc00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 510 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 511 start_va = 0xd80000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d80000" filename = "" Region: id = 512 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 513 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 514 start_va = 0x1000000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 515 start_va = 0x1180000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 516 start_va = 0x1200000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 517 start_va = 0x1300000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 518 start_va = 0x1400000 end_va = 0x1736fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 519 start_va = 0x1740000 end_va = 0x183ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 520 start_va = 0x1840000 end_va = 0x1971fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001840000" filename = "" Region: id = 521 start_va = 0x19f0000 end_va = 0x19f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019f0000" filename = "" Region: id = 522 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 523 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 524 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 525 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 526 start_va = 0x1e00000 end_va = 0x1efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 527 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 528 start_va = 0x2200000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002200000" filename = "" Region: id = 529 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 530 start_va = 0x2400000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 531 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 532 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 533 start_va = 0x2d00000 end_va = 0x2dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d00000" filename = "" Region: id = 534 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 535 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 536 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 537 start_va = 0x3200000 end_va = 0x32fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003200000" filename = "" Region: id = 538 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 539 start_va = 0x3400000 end_va = 0x34fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003400000" filename = "" Region: id = 540 start_va = 0x3500000 end_va = 0x35fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003500000" filename = "" Region: id = 541 start_va = 0x3600000 end_va = 0x36fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003600000" filename = "" Region: id = 542 start_va = 0x3700000 end_va = 0x37fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003700000" filename = "" Region: id = 543 start_va = 0x3800000 end_va = 0x38fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003800000" filename = "" Region: id = 544 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 545 start_va = 0x3c00000 end_va = 0x3cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 546 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 547 start_va = 0x3e00000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 548 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 549 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 550 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 551 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 552 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 553 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 554 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 555 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 556 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 557 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 558 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 559 start_va = 0x4a00000 end_va = 0x4afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 560 start_va = 0x4b00000 end_va = 0x4bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b00000" filename = "" Region: id = 561 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 562 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 563 start_va = 0x7fff0000 end_va = 0x17ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 564 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 565 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 566 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 567 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 568 start_va = 0x7ff8f3440000 end_va = 0x7ff8f3497fff monitored = 0 entry_point = 0x7ff8f3457f80 region_type = mapped_file name = "ncbservice.dll" filename = "\\Windows\\System32\\ncbservice.dll" (normalized: "c:\\windows\\system32\\ncbservice.dll") Region: id = 569 start_va = 0x7ff8f3630000 end_va = 0x7ff8f363afff monitored = 0 entry_point = 0x7ff8f3631e70 region_type = mapped_file name = "systemeventsbrokerclient.dll" filename = "\\Windows\\System32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll") Region: id = 570 start_va = 0x7ff8f6580000 end_va = 0x7ff8f65bffff monitored = 0 entry_point = 0x7ff8f6596c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 571 start_va = 0x7ff8f6ae0000 end_va = 0x7ff8f6b01fff monitored = 0 entry_point = 0x7ff8f6aeadf0 region_type = mapped_file name = "trkwks.dll" filename = "\\Windows\\System32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll") Region: id = 572 start_va = 0x7ff8f6c80000 end_va = 0x7ff8f6d04fff monitored = 0 entry_point = 0x7ff8f6c99a10 region_type = mapped_file name = "pcasvc.dll" filename = "\\Windows\\System32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll") Region: id = 573 start_va = 0x7ff8f72b0000 end_va = 0x7ff8f73bdfff monitored = 0 entry_point = 0x7ff8f7317960 region_type = mapped_file name = "sysmain.dll" filename = "\\Windows\\System32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll") Region: id = 574 start_va = 0x7ff8f73c0000 end_va = 0x7ff8f73dcfff monitored = 0 entry_point = 0x7ff8f73c6190 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 575 start_va = 0x7ff8f7bc0000 end_va = 0x7ff8f7bc8fff monitored = 0 entry_point = 0x7ff8f7bc21d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 576 start_va = 0x7ff8f7ed0000 end_va = 0x7ff8f7edffff monitored = 0 entry_point = 0x7ff8f7ed1ec0 region_type = mapped_file name = "pcadm.dll" filename = "\\Windows\\System32\\pcadm.dll" (normalized: "c:\\windows\\system32\\pcadm.dll") Region: id = 577 start_va = 0x7ff8f86a0000 end_va = 0x7ff8f86e3fff monitored = 0 entry_point = 0x7ff8f86ac010 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 578 start_va = 0x7ff8f87c0000 end_va = 0x7ff8f87f5fff monitored = 0 entry_point = 0x7ff8f87c86d0 region_type = mapped_file name = "wudfplatform.dll" filename = "\\Windows\\System32\\WUDFPlatform.dll" (normalized: "c:\\windows\\system32\\wudfplatform.dll") Region: id = 579 start_va = 0x7ff8f8800000 end_va = 0x7ff8f881dfff monitored = 0 entry_point = 0x7ff8f8803ce0 region_type = mapped_file name = "wudfsvc.dll" filename = "\\Windows\\System32\\WUDFSvc.dll" (normalized: "c:\\windows\\system32\\wudfsvc.dll") Region: id = 580 start_va = 0x7ff8f8cb0000 end_va = 0x7ff8f8ccafff monitored = 0 entry_point = 0x7ff8f8cb1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 581 start_va = 0x7ff8f8cd0000 end_va = 0x7ff8f8cddfff monitored = 0 entry_point = 0x7ff8f8cd1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 582 start_va = 0x7ff8f90c0000 end_va = 0x7ff8f90cffff monitored = 0 entry_point = 0x7ff8f90c3d50 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 583 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 584 start_va = 0x7ff8f9cf0000 end_va = 0x7ff8f9cfbfff monitored = 0 entry_point = 0x7ff8f9cf2830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 585 start_va = 0x7ff8fa950000 end_va = 0x7ff8fa9bffff monitored = 0 entry_point = 0x7ff8fa972960 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 586 start_va = 0x7ff8fa9c0000 end_va = 0x7ff8faa09fff monitored = 0 entry_point = 0x7ff8fa9d1450 region_type = mapped_file name = "audioendpointbuilder.dll" filename = "\\Windows\\System32\\AudioEndpointBuilder.dll" (normalized: "c:\\windows\\system32\\audioendpointbuilder.dll") Region: id = 587 start_va = 0x7ff8facd0000 end_va = 0x7ff8face6fff monitored = 0 entry_point = 0x7ff8facd25d0 region_type = mapped_file name = "portabledeviceconnectapi.dll" filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll") Region: id = 588 start_va = 0x7ff8fc880000 end_va = 0x7ff8fc920fff monitored = 0 entry_point = 0x7ff8fc883db0 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 589 start_va = 0x7ff8fcf00000 end_va = 0x7ff8fcfbefff monitored = 0 entry_point = 0x7ff8fcf21c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 590 start_va = 0x7ff8fcff0000 end_va = 0x7ff8fd025fff monitored = 0 entry_point = 0x7ff8fd000070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 591 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 592 start_va = 0x7ff8fe760000 end_va = 0x7ff8fe81dfff monitored = 0 entry_point = 0x7ff8fe7a2d40 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 593 start_va = 0x7ff8fec10000 end_va = 0x7ff8fec88fff monitored = 0 entry_point = 0x7ff8fec2fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 594 start_va = 0x7ff8fec90000 end_va = 0x7ff8fee15fff monitored = 0 entry_point = 0x7ff8fecdd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 595 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 596 start_va = 0x7ff8feff0000 end_va = 0x7ff8ff02ffff monitored = 0 entry_point = 0x7ff8ff001960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 597 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 598 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 599 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 600 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 601 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 602 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 603 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 604 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 605 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 606 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 607 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 608 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 609 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 610 start_va = 0x7ff9009a0000 end_va = 0x7ff9009f4fff monitored = 0 entry_point = 0x7ff9009b7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 611 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 612 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 613 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 614 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 615 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 616 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 617 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 618 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 619 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 620 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 621 start_va = 0x7ff901f10000 end_va = 0x7ff901f7efff monitored = 0 entry_point = 0x7ff901f35f70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 622 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 623 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 624 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 625 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 626 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 627 start_va = 0x7ff903a00000 end_va = 0x7ff903e28fff monitored = 0 entry_point = 0x7ff903a28740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 628 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 629 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 630 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 631 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2881 start_va = 0x450000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consent.exe-65f6206d.pf" filename = "\\Windows\\Prefetch\\CONSENT.EXE-65F6206D.pf" (normalized: "c:\\windows\\prefetch\\consent.exe-65f6206d.pf") Region: id = 2882 start_va = 0x460000 end_va = 0x474fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2883 start_va = 0x5b0000 end_va = 0x5b1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2884 start_va = 0x450000 end_va = 0x463fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2885 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2886 start_va = 0x450000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dllhost.exe-893ddf55.pf" filename = "\\Windows\\Prefetch\\DLLHOST.EXE-893DDF55.pf" (normalized: "c:\\windows\\prefetch\\dllhost.exe-893ddf55.pf") Region: id = 2887 start_va = 0x460000 end_va = 0x463fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2888 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2889 start_va = 0x450000 end_va = 0x453fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2890 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2891 start_va = 0x450000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dllhost.exe-893ddf55.pf" filename = "\\Windows\\Prefetch\\DLLHOST.EXE-893DDF55.pf" (normalized: "c:\\windows\\prefetch\\dllhost.exe-893ddf55.pf") Region: id = 2892 start_va = 0x460000 end_va = 0x463fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2893 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2894 start_va = 0x450000 end_va = 0x453fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2895 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2896 start_va = 0x450000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "audiodg.exe-d0d776ac.pf" filename = "\\Windows\\Prefetch\\AUDIODG.EXE-D0D776AC.pf" (normalized: "c:\\windows\\prefetch\\audiodg.exe-d0d776ac.pf") Region: id = 2961 start_va = 0x460000 end_va = 0x465fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 2962 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 2963 start_va = 0x450000 end_va = 0x455fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2964 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2966 start_va = 0x450000 end_va = 0x453fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2967 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 2968 start_va = 0x450000 end_va = 0x45bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2969 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3024 start_va = 0x450000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe-89305d47.pf" filename = "\\Windows\\Prefetch\\CMD.EXE-89305D47.pf" (normalized: "c:\\windows\\prefetch\\cmd.exe-89305d47.pf") Region: id = 3025 start_va = 0x460000 end_va = 0x465fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3026 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3027 start_va = 0x450000 end_va = 0x455fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3028 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3029 start_va = 0x450000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhost.exe-3218e401.pf" filename = "\\Windows\\Prefetch\\CONHOST.EXE-3218E401.pf" (normalized: "c:\\windows\\prefetch\\conhost.exe-3218e401.pf") Region: id = 3030 start_va = 0x460000 end_va = 0x467fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3031 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3032 start_va = 0x450000 end_va = 0x457fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3033 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3034 start_va = 0x450000 end_va = 0x454fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3035 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3039 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3040 start_va = 0x460000 end_va = 0x46bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3041 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3042 start_va = 0x450000 end_va = 0x463fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3043 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3555 start_va = 0x450000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "installagent.exe-6a6745b1.pf" filename = "\\Windows\\Prefetch\\INSTALLAGENT.EXE-6A6745B1.pf" (normalized: "c:\\windows\\prefetch\\installagent.exe-6a6745b1.pf") Region: id = 3556 start_va = 0x460000 end_va = 0x467fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3557 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3558 start_va = 0x450000 end_va = 0x456fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3559 start_va = 0xb90000 end_va = 0xbb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Thread: id = 314 os_tid = 0x1228 Thread: id = 315 os_tid = 0x1224 Thread: id = 316 os_tid = 0xf00 Thread: id = 317 os_tid = 0xbd4 Thread: id = 318 os_tid = 0x65c Thread: id = 319 os_tid = 0x640 Thread: id = 320 os_tid = 0x4f8 Thread: id = 321 os_tid = 0x7e8 Thread: id = 322 os_tid = 0xb50 Thread: id = 323 os_tid = 0x8b4 Thread: id = 324 os_tid = 0x744 Thread: id = 325 os_tid = 0x740 Thread: id = 326 os_tid = 0x73c Thread: id = 327 os_tid = 0x704 Thread: id = 328 os_tid = 0x5a0 Thread: id = 329 os_tid = 0x428 Thread: id = 330 os_tid = 0x408 Thread: id = 331 os_tid = 0x2c8 Thread: id = 332 os_tid = 0x290 Thread: id = 333 os_tid = 0x144 Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x70f48000" os_pid = "0x47c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ffc3" [0xc000000f], "LOCAL" [0x7] Region: id = 854 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 855 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 856 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 857 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 858 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 859 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 860 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 861 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 862 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 863 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 864 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 865 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 866 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 867 start_va = 0x400000 end_va = 0x40ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 868 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 869 start_va = 0x420000 end_va = 0x42ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 870 start_va = 0x430000 end_va = 0x43ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 871 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 872 start_va = 0x450000 end_va = 0x45ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 873 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 874 start_va = 0x490000 end_va = 0x498fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 875 start_va = 0x4a0000 end_va = 0x4a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 876 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 877 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 878 start_va = 0x4e0000 end_va = 0x4e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 879 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 880 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 881 start_va = 0x510000 end_va = 0x513fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 882 start_va = 0x520000 end_va = 0x521fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 883 start_va = 0x530000 end_va = 0x536fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 884 start_va = 0x540000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 885 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 886 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 887 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 888 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 889 start_va = 0xb20000 end_va = 0xc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 890 start_va = 0xc20000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 891 start_va = 0xc30000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 892 start_va = 0xc40000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 893 start_va = 0xc50000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 894 start_va = 0xc60000 end_va = 0xc6ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 895 start_va = 0xc70000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c70000" filename = "" Region: id = 896 start_va = 0xc80000 end_va = 0xc80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 897 start_va = 0xc90000 end_va = 0xc96fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 898 start_va = 0xca0000 end_va = 0xca0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 899 start_va = 0xcb0000 end_va = 0xcb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 900 start_va = 0xcc0000 end_va = 0xccffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 901 start_va = 0xcd0000 end_va = 0xcdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 902 start_va = 0xce0000 end_va = 0xce6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ce0000" filename = "" Region: id = 903 start_va = 0xcf0000 end_va = 0xcfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 904 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 905 start_va = 0xe00000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 906 start_va = 0xe80000 end_va = 0xe8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e80000" filename = "" Region: id = 907 start_va = 0xe90000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 908 start_va = 0xea0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ea0000" filename = "" Region: id = 909 start_va = 0xeb0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000eb0000" filename = "" Region: id = 910 start_va = 0xec0000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ec0000" filename = "" Region: id = 911 start_va = 0xed0000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ed0000" filename = "" Region: id = 912 start_va = 0xee0000 end_va = 0xeeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 913 start_va = 0xef0000 end_va = 0xefffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 914 start_va = 0xfb0000 end_va = 0xfb6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 915 start_va = 0x1000000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 916 start_va = 0x1100000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001100000" filename = "" Region: id = 917 start_va = 0x1200000 end_va = 0x12c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 918 start_va = 0x12d0000 end_va = 0x13cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012d0000" filename = "" Region: id = 919 start_va = 0x13d0000 end_va = 0x144ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 920 start_va = 0x1450000 end_va = 0x145ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 921 start_va = 0x1460000 end_va = 0x146ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 922 start_va = 0x1470000 end_va = 0x147ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 923 start_va = 0x1480000 end_va = 0x148ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 924 start_va = 0x1490000 end_va = 0x149ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 925 start_va = 0x14a0000 end_va = 0x14affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 926 start_va = 0x14b0000 end_va = 0x14bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 927 start_va = 0x14c0000 end_va = 0x14cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 928 start_va = 0x14d0000 end_va = 0x14dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 929 start_va = 0x14e0000 end_va = 0x14effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 930 start_va = 0x14f0000 end_va = 0x14fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 931 start_va = 0x1500000 end_va = 0x1500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 932 start_va = 0x1510000 end_va = 0x151ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 933 start_va = 0x1520000 end_va = 0x152ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 934 start_va = 0x1540000 end_va = 0x154ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\\catdb") Region: id = 935 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 936 start_va = 0x1750000 end_va = 0x184ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 937 start_va = 0x1950000 end_va = 0x19cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001950000" filename = "" Region: id = 938 start_va = 0x19d0000 end_va = 0x19d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019d0000" filename = "" Region: id = 939 start_va = 0x19e0000 end_va = 0x19e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019e0000" filename = "" Region: id = 940 start_va = 0x19f0000 end_va = 0x19fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 941 start_va = 0x1a00000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 942 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 943 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 944 start_va = 0x1e00000 end_va = 0x1e0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 945 start_va = 0x1e10000 end_va = 0x1e1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 946 start_va = 0x1e20000 end_va = 0x1e2ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 947 start_va = 0x1e30000 end_va = 0x1e3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 948 start_va = 0x1e40000 end_va = 0x1e4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 949 start_va = 0x1e50000 end_va = 0x1e5ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 950 start_va = 0x1e60000 end_va = 0x1e6ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 951 start_va = 0x1e70000 end_va = 0x1e7ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 952 start_va = 0x1e80000 end_va = 0x1e8ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 953 start_va = 0x1e90000 end_va = 0x1e9ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 954 start_va = 0x1ea0000 end_va = 0x1eaffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 955 start_va = 0x1eb0000 end_va = 0x1ebffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 956 start_va = 0x1ec0000 end_va = 0x1ecffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 957 start_va = 0x1ed0000 end_va = 0x1edffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 958 start_va = 0x1ee0000 end_va = 0x1eeffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 959 start_va = 0x1ef0000 end_va = 0x1efffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 960 start_va = 0x1f00000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 961 start_va = 0x2200000 end_va = 0x220ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 962 start_va = 0x2210000 end_va = 0x221ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 963 start_va = 0x2220000 end_va = 0x222ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 964 start_va = 0x2230000 end_va = 0x223ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 965 start_va = 0x2240000 end_va = 0x224ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "catdb" filename = "\\Windows\\System32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb" (normalized: "c:\\windows\\system32\\catroot2\\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\\catdb") Region: id = 966 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 967 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 968 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 969 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 970 start_va = 0x2900000 end_va = 0x2c36fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 971 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 972 start_va = 0x3040000 end_va = 0x313ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003040000" filename = "" Region: id = 973 start_va = 0x3240000 end_va = 0x333ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003240000" filename = "" Region: id = 974 start_va = 0x3340000 end_va = 0x433ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 975 start_va = 0x4340000 end_va = 0x454ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004340000" filename = "" Region: id = 976 start_va = 0x4850000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004850000" filename = "" Region: id = 977 start_va = 0x4a50000 end_va = 0x4b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a50000" filename = "" Region: id = 978 start_va = 0x4c50000 end_va = 0x4d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c50000" filename = "" Region: id = 979 start_va = 0x4d50000 end_va = 0x4e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d50000" filename = "" Region: id = 980 start_va = 0x5050000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 981 start_va = 0x5150000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 982 start_va = 0x5250000 end_va = 0x534ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 983 start_va = 0x5350000 end_va = 0x544ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005350000" filename = "" Region: id = 984 start_va = 0x5450000 end_va = 0x554ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005450000" filename = "" Region: id = 985 start_va = 0x5850000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005850000" filename = "" Region: id = 986 start_va = 0x5a50000 end_va = 0x5b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 987 start_va = 0x5b50000 end_va = 0x5c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b50000" filename = "" Region: id = 988 start_va = 0x5c50000 end_va = 0x5d4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c50000" filename = "" Region: id = 989 start_va = 0x6450000 end_va = 0x654ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006450000" filename = "" Region: id = 990 start_va = 0x6550000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006550000" filename = "" Region: id = 991 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 992 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 993 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 994 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 995 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 996 start_va = 0x7ff8f6f20000 end_va = 0x7ff8f7218fff monitored = 0 entry_point = 0x7ff8f6fe7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 997 start_va = 0x7ff8f73e0000 end_va = 0x7ff8f73f7fff monitored = 0 entry_point = 0x7ff8f73e2000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 998 start_va = 0x7ff8f7400000 end_va = 0x7ff8f7581fff monitored = 0 entry_point = 0x7ff8f74182a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 999 start_va = 0x7ff8f75c0000 end_va = 0x7ff8f75e2fff monitored = 0 entry_point = 0x7ff8f75c7a30 region_type = mapped_file name = "cryptcatsvc.dll" filename = "\\Windows\\System32\\cryptcatsvc.dll" (normalized: "c:\\windows\\system32\\cryptcatsvc.dll") Region: id = 1000 start_va = 0x7ff8f75f0000 end_va = 0x7ff8f7602fff monitored = 0 entry_point = 0x7ff8f75f1450 region_type = mapped_file name = "crypttpmeksvc.dll" filename = "\\Windows\\System32\\crypttpmeksvc.dll" (normalized: "c:\\windows\\system32\\crypttpmeksvc.dll") Region: id = 1001 start_va = 0x7ff8f7700000 end_va = 0x7ff8f7717fff monitored = 0 entry_point = 0x7ff8f7707a00 region_type = mapped_file name = "cryptsvc.dll" filename = "\\Windows\\System32\\cryptsvc.dll" (normalized: "c:\\windows\\system32\\cryptsvc.dll") Region: id = 1002 start_va = 0x7ff8f7f80000 end_va = 0x7ff8f7fc7fff monitored = 0 entry_point = 0x7ff8f7f8abb0 region_type = mapped_file name = "wkssvc.dll" filename = "\\Windows\\System32\\wkssvc.dll" (normalized: "c:\\windows\\system32\\wkssvc.dll") Region: id = 1003 start_va = 0x7ff8f8e40000 end_va = 0x7ff8f8e54fff monitored = 0 entry_point = 0x7ff8f8e43460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1004 start_va = 0x7ff8f8f00000 end_va = 0x7ff8f8f68fff monitored = 0 entry_point = 0x7ff8f8f1bb10 region_type = mapped_file name = "ncsi.dll" filename = "\\Windows\\System32\\ncsi.dll" (normalized: "c:\\windows\\system32\\ncsi.dll") Region: id = 1005 start_va = 0x7ff8f8f70000 end_va = 0x7ff8f8fcffff monitored = 0 entry_point = 0x7ff8f8f90fc0 region_type = mapped_file name = "nlasvc.dll" filename = "\\Windows\\System32\\nlasvc.dll" (normalized: "c:\\windows\\system32\\nlasvc.dll") Region: id = 1006 start_va = 0x7ff8f8fe0000 end_va = 0x7ff8f9046fff monitored = 0 entry_point = 0x7ff8f8fe63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1007 start_va = 0x7ff8f9050000 end_va = 0x7ff8f9099fff monitored = 0 entry_point = 0x7ff8f9060100 region_type = mapped_file name = "dnsrslvr.dll" filename = "\\Windows\\System32\\dnsrslvr.dll" (normalized: "c:\\windows\\system32\\dnsrslvr.dll") Region: id = 1008 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1009 start_va = 0x7ff8f91b0000 end_va = 0x7ff8f91c9fff monitored = 0 entry_point = 0x7ff8f91b2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1010 start_va = 0x7ff8f91d0000 end_va = 0x7ff8f91e5fff monitored = 0 entry_point = 0x7ff8f91d19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1011 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1012 start_va = 0x7ff8f9760000 end_va = 0x7ff8f9827fff monitored = 0 entry_point = 0x7ff8f97a13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1013 start_va = 0x7ff8f9830000 end_va = 0x7ff8f9890fff monitored = 0 entry_point = 0x7ff8f9834b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1014 start_va = 0x7ff8f9be0000 end_va = 0x7ff8f9c0dfff monitored = 0 entry_point = 0x7ff8f9be7550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1015 start_va = 0x7ff8fa1b0000 end_va = 0x7ff8fa1c5fff monitored = 0 entry_point = 0x7ff8fa1b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1016 start_va = 0x7ff8fa260000 end_va = 0x7ff8fa278fff monitored = 0 entry_point = 0x7ff8fa264520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1017 start_va = 0x7ff8fc9e0000 end_va = 0x7ff8fca59fff monitored = 0 entry_point = 0x7ff8fca07630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1018 start_va = 0x7ff8fcb00000 end_va = 0x7ff8fcb10fff monitored = 0 entry_point = 0x7ff8fcb03320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1019 start_va = 0x7ff8fccd0000 end_va = 0x7ff8fcd33fff monitored = 0 entry_point = 0x7ff8fcce5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1020 start_va = 0x7ff8fcf00000 end_va = 0x7ff8fcfbefff monitored = 0 entry_point = 0x7ff8fcf21c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1021 start_va = 0x7ff8fec90000 end_va = 0x7ff8fee15fff monitored = 0 entry_point = 0x7ff8fecdd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1022 start_va = 0x7ff8fee20000 end_va = 0x7ff8fee3bfff monitored = 0 entry_point = 0x7ff8fee237a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1023 start_va = 0x7ff8fefe0000 end_va = 0x7ff8fefe9fff monitored = 0 entry_point = 0x7ff8fefe1840 region_type = mapped_file name = "dnsext.dll" filename = "\\Windows\\System32\\dnsext.dll" (normalized: "c:\\windows\\system32\\dnsext.dll") Region: id = 1024 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1025 start_va = 0x7ff8ff740000 end_va = 0x7ff8ff763fff monitored = 0 entry_point = 0x7ff8ff743260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1026 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1027 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1028 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1029 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1030 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1031 start_va = 0x7ff900220000 end_va = 0x7ff900240fff monitored = 0 entry_point = 0x7ff900230250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1032 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1033 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1034 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1035 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1036 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1037 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1038 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1039 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1040 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1041 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1042 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1043 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1044 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1045 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1046 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1047 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1048 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1049 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1050 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1051 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1052 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1053 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1054 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3036 start_va = 0x2000000 end_va = 0x2156fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 3037 start_va = 0x4550000 end_va = 0x474ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004550000" filename = "" Region: id = 3038 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 3044 start_va = 0x460000 end_va = 0x461fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 3045 start_va = 0x7ff8fcfc0000 end_va = 0x7ff8fcfe8fff monitored = 0 entry_point = 0x7ff8fcfcca00 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 3046 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 3047 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3048 start_va = 0x7ff8ffd50000 end_va = 0x7ff8ffd83fff monitored = 0 entry_point = 0x7ff8ffd6ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3049 start_va = 0xf80000 end_va = 0xf91fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dnsapi.dll.mui" filename = "\\Windows\\System32\\en-US\\dnsapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dnsapi.dll.mui") Region: id = 3050 start_va = 0x470000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fveui.dll.mui" filename = "\\Windows\\System32\\en-US\\fveui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fveui.dll.mui") Region: id = 3051 start_va = 0x1550000 end_va = 0x159bfff monitored = 0 entry_point = 0x156f730 region_type = mapped_file name = "fveui.dll" filename = "\\Windows\\System32\\fveui.dll" (normalized: "c:\\windows\\system32\\fveui.dll") Region: id = 3052 start_va = 0x470000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fveui.dll.mui" filename = "\\Windows\\System32\\en-US\\fveui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fveui.dll.mui") Region: id = 3053 start_va = 0x1550000 end_va = 0x159bfff monitored = 0 entry_point = 0x156f730 region_type = mapped_file name = "fveui.dll" filename = "\\Windows\\System32\\fveui.dll" (normalized: "c:\\windows\\system32\\fveui.dll") Region: id = 3054 start_va = 0x470000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fveui.dll.mui" filename = "\\Windows\\System32\\en-US\\fveui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fveui.dll.mui") Region: id = 3055 start_va = 0x1550000 end_va = 0x159bfff monitored = 0 entry_point = 0x156f730 region_type = mapped_file name = "fveui.dll" filename = "\\Windows\\System32\\fveui.dll" (normalized: "c:\\windows\\system32\\fveui.dll") Region: id = 3056 start_va = 0x470000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fveui.dll.mui" filename = "\\Windows\\System32\\en-US\\fveui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fveui.dll.mui") Region: id = 3057 start_va = 0x1550000 end_va = 0x159bfff monitored = 0 entry_point = 0x156f730 region_type = mapped_file name = "fveui.dll" filename = "\\Windows\\System32\\fveui.dll" (normalized: "c:\\windows\\system32\\fveui.dll") Region: id = 3058 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 3059 start_va = 0x5550000 end_va = 0x5785fff monitored = 0 entry_point = 0x55da450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 3060 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 3061 start_va = 0x5550000 end_va = 0x5785fff monitored = 0 entry_point = 0x55da450 region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 3062 start_va = 0x470000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 3063 start_va = 0x1550000 end_va = 0x15c7fff monitored = 0 entry_point = 0x15531a0 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 3064 start_va = 0x470000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "powershell.exe.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui") Region: id = 3065 start_va = 0x1550000 end_va = 0x15c7fff monitored = 0 entry_point = 0x15531a0 region_type = mapped_file name = "powershell.exe" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe") Region: id = 3066 start_va = 0x470000 end_va = 0x479fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 3067 start_va = 0x1850000 end_va = 0x194ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 3068 start_va = 0x7ff8f9c90000 end_va = 0x7ff8f9cbefff monitored = 0 entry_point = 0x7ff8f9c9ec60 region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll") Region: id = 3366 start_va = 0x1d00000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 3367 start_va = 0x7ff8f6580000 end_va = 0x7ff8f65bffff monitored = 0 entry_point = 0x7ff8f6596c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 3368 start_va = 0x7ff8f8cd0000 end_va = 0x7ff8f8cddfff monitored = 0 entry_point = 0x7ff8f8cd1460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 3369 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 3370 start_va = 0x2150000 end_va = 0x2156fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 3371 start_va = 0xf00000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 3372 start_va = 0x7ff8f80a0000 end_va = 0x7ff8f80b4fff monitored = 0 entry_point = 0x7ff8f80a2dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 3373 start_va = 0x7ff8f35b0000 end_va = 0x7ff8f362ffff monitored = 0 entry_point = 0x7ff8f35dd280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 3374 start_va = 0x1550000 end_va = 0x15cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 3375 start_va = 0x460000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 3376 start_va = 0x4d0000 end_va = 0x4dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 3377 start_va = 0x7ff8f7780000 end_va = 0x7ff8f7789fff monitored = 0 entry_point = 0x7ff8f77814c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3378 start_va = 0xfa0000 end_va = 0xfa2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 3379 start_va = 0xfc0000 end_va = 0xfc9fff monitored = 0 entry_point = 0xfc15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3380 start_va = 0xfd0000 end_va = 0xfd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3381 start_va = 0xfc0000 end_va = 0xfc9fff monitored = 0 entry_point = 0xfc15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3382 start_va = 0xfd0000 end_va = 0xfd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3383 start_va = 0xfc0000 end_va = 0xfc9fff monitored = 0 entry_point = 0xfc15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3384 start_va = 0xfd0000 end_va = 0xfd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3385 start_va = 0xfc0000 end_va = 0xfc9fff monitored = 0 entry_point = 0xfc15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3386 start_va = 0xfd0000 end_va = 0xfd0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3387 start_va = 0x1850000 end_va = 0x194ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 3388 start_va = 0x1850000 end_va = 0x194ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Thread: id = 334 os_tid = 0x520 Thread: id = 335 os_tid = 0x184 Thread: id = 336 os_tid = 0x864 Thread: id = 337 os_tid = 0x794 Thread: id = 338 os_tid = 0x828 Thread: id = 339 os_tid = 0x834 Thread: id = 340 os_tid = 0xa5c Thread: id = 341 os_tid = 0x820 Thread: id = 342 os_tid = 0x818 Thread: id = 343 os_tid = 0x9c8 Thread: id = 344 os_tid = 0xab8 Thread: id = 345 os_tid = 0x2ac Thread: id = 346 os_tid = 0xb74 Thread: id = 347 os_tid = 0x394 Thread: id = 348 os_tid = 0xb80 Thread: id = 349 os_tid = 0xa9c Thread: id = 350 os_tid = 0x338 Thread: id = 351 os_tid = 0x8a4 Thread: id = 352 os_tid = 0x670 Thread: id = 353 os_tid = 0x614 Thread: id = 354 os_tid = 0x610 Thread: id = 355 os_tid = 0x608 Thread: id = 356 os_tid = 0x604 Thread: id = 357 os_tid = 0x57c Thread: id = 358 os_tid = 0x528 Thread: id = 359 os_tid = 0x51c Thread: id = 360 os_tid = 0x500 Thread: id = 361 os_tid = 0x4cc Thread: id = 362 os_tid = 0x480 Thread: id = 437 os_tid = 0xa3c Thread: id = 438 os_tid = 0xf14 Thread: id = 461 os_tid = 0x1058 Thread: id = 462 os_tid = 0x10bc Thread: id = 463 os_tid = 0x10d4 Thread: id = 464 os_tid = 0x10c8 Thread: id = 465 os_tid = 0x10dc Thread: id = 466 os_tid = 0x10e4 Thread: id = 467 os_tid = 0x10c4 Process: id = "13" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x71352000" os_pid = "0x4ec" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010bcd" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 363 os_tid = 0x730 Thread: id = 364 os_tid = 0x534 Thread: id = 365 os_tid = 0x97c Thread: id = 366 os_tid = 0x304 Thread: id = 367 os_tid = 0xb70 Thread: id = 368 os_tid = 0xbbc Thread: id = 369 os_tid = 0xb68 Thread: id = 370 os_tid = 0x55c Thread: id = 371 os_tid = 0x550 Thread: id = 372 os_tid = 0x514 Thread: id = 373 os_tid = 0x4f0 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3af63000" os_pid = "0x634" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:000139e1" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2338 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2339 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2340 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2341 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2342 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2343 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2344 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2345 start_va = 0x100000 end_va = 0x106fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2346 start_va = 0x110000 end_va = 0x1cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2347 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2348 start_va = 0x1e0000 end_va = 0x1e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2349 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2350 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2351 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2352 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2353 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2354 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2355 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2356 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2357 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2358 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2359 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2360 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2361 start_va = 0x590000 end_va = 0x597fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 2362 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2363 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2364 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005c0000" filename = "" Region: id = 2365 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 2366 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2367 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2368 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2369 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2370 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2371 start_va = 0xa20000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 2372 start_va = 0xae0000 end_va = 0xbdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 2373 start_va = 0xbe0000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 2374 start_va = 0xbf0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 2375 start_va = 0xc00000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 2376 start_va = 0xc10000 end_va = 0xc1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 2377 start_va = 0xc20000 end_va = 0xc2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c20000" filename = "" Region: id = 2378 start_va = 0xc30000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c30000" filename = "" Region: id = 2379 start_va = 0xc40000 end_va = 0xc4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 2380 start_va = 0xc50000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c50000" filename = "" Region: id = 2381 start_va = 0xc60000 end_va = 0xc60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c60000" filename = "" Region: id = 2382 start_va = 0xc70000 end_va = 0xc70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c70000" filename = "" Region: id = 2383 start_va = 0xc80000 end_va = 0xc86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 2384 start_va = 0xc90000 end_va = 0xc90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 2385 start_va = 0xca0000 end_va = 0xca3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 2386 start_va = 0xcb0000 end_va = 0xcb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cb0000" filename = "" Region: id = 2387 start_va = 0xcc0000 end_va = 0xcc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 2388 start_va = 0xcd0000 end_va = 0xceffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 2389 start_va = 0xcf0000 end_va = 0xcf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cf0000" filename = "" Region: id = 2390 start_va = 0xd00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2391 start_va = 0xe00000 end_va = 0xe0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2392 start_va = 0xe10000 end_va = 0xe1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2393 start_va = 0xe20000 end_va = 0xe2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2394 start_va = 0xe30000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2395 start_va = 0xe40000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2396 start_va = 0xe50000 end_va = 0xe5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2397 start_va = 0xe60000 end_va = 0xe6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2398 start_va = 0xe70000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2399 start_va = 0xe80000 end_va = 0xe8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2400 start_va = 0xe90000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2401 start_va = 0xea0000 end_va = 0xeaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2402 start_va = 0xeb0000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2403 start_va = 0xec0000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2404 start_va = 0xed0000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2405 start_va = 0xee0000 end_va = 0xeeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2406 start_va = 0xef0000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2407 start_va = 0xf00000 end_va = 0xf0ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2408 start_va = 0xf10000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2409 start_va = 0xf20000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2410 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2411 start_va = 0xf40000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2412 start_va = 0xf50000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2413 start_va = 0xf60000 end_va = 0xf6ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2414 start_va = 0xf70000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2415 start_va = 0xf80000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2416 start_va = 0xf90000 end_va = 0xf9ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2417 start_va = 0xfa0000 end_va = 0xfaffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2418 start_va = 0xfb0000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2419 start_va = 0xfc0000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2420 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2421 start_va = 0xfe0000 end_va = 0xfeffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2422 start_va = 0xff0000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2423 start_va = 0x1000000 end_va = 0x100ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2424 start_va = 0x1010000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2425 start_va = 0x1020000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2426 start_va = 0x1030000 end_va = 0x103ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2427 start_va = 0x1040000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2428 start_va = 0x1050000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2429 start_va = 0x1060000 end_va = 0x106ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2430 start_va = 0x1070000 end_va = 0x107ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2431 start_va = 0x1080000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2432 start_va = 0x1090000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2433 start_va = 0x10a0000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2434 start_va = 0x10b0000 end_va = 0x10bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2435 start_va = 0x10c0000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2436 start_va = 0x10d0000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2437 start_va = 0x10e0000 end_va = 0x10effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2438 start_va = 0x10f0000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2439 start_va = 0x1100000 end_va = 0x110ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2440 start_va = 0x1110000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2441 start_va = 0x1120000 end_va = 0x112ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2442 start_va = 0x1130000 end_va = 0x113ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2443 start_va = 0x1140000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2444 start_va = 0x1150000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2445 start_va = 0x1160000 end_va = 0x1160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 2446 start_va = 0x1170000 end_va = 0x117ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2447 start_va = 0x1180000 end_va = 0x118ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2448 start_va = 0x1190000 end_va = 0x119ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2449 start_va = 0x11a0000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2450 start_va = 0x11b0000 end_va = 0x11bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2451 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2452 start_va = 0x11d0000 end_va = 0x11d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 2453 start_va = 0x1200000 end_va = 0x1536fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2454 start_va = 0x1640000 end_va = 0x263ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001640000" filename = "" Region: id = 2455 start_va = 0x2730000 end_va = 0x27affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002730000" filename = "" Region: id = 2456 start_va = 0x27c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027c0000" filename = "" Region: id = 2457 start_va = 0x27f0000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 2458 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 2459 start_va = 0x29c0000 end_va = 0x29edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000029c0000" filename = "" Region: id = 2460 start_va = 0x2a40000 end_va = 0x2b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 2461 start_va = 0x2c00000 end_va = 0x2cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 2462 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 2463 start_va = 0x2ff0000 end_va = 0x2ff0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ff0000" filename = "" Region: id = 2464 start_va = 0x3000000 end_va = 0x30fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 2465 start_va = 0x3100000 end_va = 0x31fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003100000" filename = "" Region: id = 2466 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2467 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2468 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2469 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2470 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2471 start_va = 0x7ff8f6d60000 end_va = 0x7ff8f6f17fff monitored = 0 entry_point = 0x7ff8f6dce630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 2472 start_va = 0x7ff8f6f20000 end_va = 0x7ff8f7218fff monitored = 0 entry_point = 0x7ff8f6fe7280 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 2473 start_va = 0x7ff8f7220000 end_va = 0x7ff8f729bfff monitored = 0 entry_point = 0x7ff8f724a970 region_type = mapped_file name = "tileobjserver.dll" filename = "\\Windows\\System32\\tileobjserver.dll" (normalized: "c:\\windows\\system32\\tileobjserver.dll") Region: id = 2474 start_va = 0x7ff8f7790000 end_va = 0x7ff8f7823fff monitored = 0 entry_point = 0x7ff8f77c9210 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 2475 start_va = 0x7ff8f7830000 end_va = 0x7ff8f7ad2fff monitored = 0 entry_point = 0x7ff8f7856190 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 2476 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2477 start_va = 0x7ff8faeb0000 end_va = 0x7ff8fb231fff monitored = 0 entry_point = 0x7ff8faf01220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 2478 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 2479 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 2480 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2481 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 2482 start_va = 0x7ff8ffd50000 end_va = 0x7ff8ffd83fff monitored = 0 entry_point = 0x7ff8ffd6ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2483 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2484 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2485 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2486 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2487 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2488 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2489 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2490 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2491 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2492 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2493 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2494 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2495 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2496 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2497 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2498 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2499 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2500 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2501 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2502 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2503 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2504 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2505 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2506 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2507 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3359 start_va = 0x11e0000 end_va = 0x11e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011e0000" filename = "" Region: id = 3361 start_va = 0x11e0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3362 start_va = 0x11f0000 end_va = 0x11f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011f0000" filename = "" Region: id = 3363 start_va = 0x11c0000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3364 start_va = 0x1160000 end_va = 0x116ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3365 start_va = 0x11d0000 end_va = 0x11d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 3390 start_va = 0x11d0000 end_va = 0x11d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011d0000" filename = "" Region: id = 3393 start_va = 0x11d0000 end_va = 0x11dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3394 start_va = 0x11e0000 end_va = 0x11e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011e0000" filename = "" Region: id = 3395 start_va = 0x11e0000 end_va = 0x11e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000011e0000" filename = "" Region: id = 3396 start_va = 0x11e0000 end_va = 0x11effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3397 start_va = 0x11f0000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3398 start_va = 0x1540000 end_va = 0x154ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3399 start_va = 0x1550000 end_va = 0x155ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3400 start_va = 0x1560000 end_va = 0x1560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001560000" filename = "" Region: id = 3401 start_va = 0x1560000 end_va = 0x1560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001560000" filename = "" Region: id = 3402 start_va = 0x1560000 end_va = 0x156ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3403 start_va = 0x1570000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3404 start_va = 0x1580000 end_va = 0x1580fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001580000" filename = "" Region: id = 3405 start_va = 0x1580000 end_va = 0x158ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3406 start_va = 0x1590000 end_va = 0x1590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001590000" filename = "" Region: id = 3407 start_va = 0x1590000 end_va = 0x159ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3408 start_va = 0x15a0000 end_va = 0x15a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015a0000" filename = "" Region: id = 3410 start_va = 0x15a0000 end_va = 0x15affff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3411 start_va = 0x15b0000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3412 start_va = 0x15c0000 end_va = 0x15cffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3413 start_va = 0x15d0000 end_va = 0x15d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015d0000" filename = "" Region: id = 3414 start_va = 0x15d0000 end_va = 0x15d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015d0000" filename = "" Region: id = 3415 start_va = 0x15d0000 end_va = 0x15dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3416 start_va = 0x15e0000 end_va = 0x15e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015e0000" filename = "" Region: id = 3417 start_va = 0x15e0000 end_va = 0x15e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015e0000" filename = "" Region: id = 3418 start_va = 0x15e0000 end_va = 0x15effff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3419 start_va = 0x15f0000 end_va = 0x15fffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3420 start_va = 0x1600000 end_va = 0x160ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3421 start_va = 0x1610000 end_va = 0x1611fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001610000" filename = "" Region: id = 3422 start_va = 0x1610000 end_va = 0x1611fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001610000" filename = "" Region: id = 3423 start_va = 0x1610000 end_va = 0x161ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3424 start_va = 0x1620000 end_va = 0x1621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001620000" filename = "" Region: id = 3425 start_va = 0x1620000 end_va = 0x1621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001620000" filename = "" Region: id = 3426 start_va = 0x1620000 end_va = 0x162ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3427 start_va = 0x1630000 end_va = 0x163ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3428 start_va = 0x2640000 end_va = 0x2641fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002640000" filename = "" Region: id = 3429 start_va = 0x2640000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3430 start_va = 0x2650000 end_va = 0x2651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 3431 start_va = 0x2650000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3432 start_va = 0x2660000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "vedatamodel.edb" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\TileDataLayer\\Database\\vedatamodel.edb" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tiledatalayer\\database\\vedatamodel.edb") Region: id = 3433 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3434 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3436 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3437 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3438 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3439 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3440 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3524 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3526 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3527 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3528 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3529 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3530 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3531 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3532 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3533 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3534 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3536 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3537 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3538 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3539 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3540 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3541 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3542 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3543 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3544 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3545 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3546 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3547 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3548 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 3550 start_va = 0x2670000 end_va = 0x2671fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Thread: id = 374 os_tid = 0xa38 Thread: id = 375 os_tid = 0xa94 Thread: id = 376 os_tid = 0xaa8 Thread: id = 377 os_tid = 0x9e4 Thread: id = 378 os_tid = 0x914 Thread: id = 379 os_tid = 0x638 Process: id = "15" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2509e000" os_pid = "0xb30" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3072 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3073 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 3074 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3075 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3076 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3077 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3078 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 3079 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3080 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3081 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3082 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3083 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3084 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3085 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3086 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3087 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 3088 start_va = 0x5a0000 end_va = 0x5a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 3089 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phoneutilres.dll" filename = "\\Windows\\System32\\PhoneutilRes.dll" (normalized: "c:\\windows\\system32\\phoneutilres.dll") Region: id = 3090 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "syncres.dll" filename = "\\Windows\\System32\\SyncRes.dll" (normalized: "c:\\windows\\system32\\syncres.dll") Region: id = 3091 start_va = 0x5e0000 end_va = 0x60dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3092 start_va = 0x620000 end_va = 0x626fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 3093 start_va = 0x6f0000 end_va = 0x6f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 3094 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 3095 start_va = 0x800000 end_va = 0x987fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000800000" filename = "" Region: id = 3096 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 3097 start_va = 0xb20000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b20000" filename = "" Region: id = 3098 start_va = 0x1f20000 end_va = 0x1ffffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3099 start_va = 0x2000000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002000000" filename = "" Region: id = 3100 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 3101 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 3102 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3103 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 3104 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 3105 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 3106 start_va = 0x7ff731720000 end_va = 0x7ff73172cfff monitored = 0 entry_point = 0x7ff731723980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 3107 start_va = 0x7ff8ebb60000 end_va = 0x7ff8ebbabfff monitored = 0 entry_point = 0x7ff8ebb940d0 region_type = mapped_file name = "phoneutil.dll" filename = "\\Windows\\System32\\Phoneutil.dll" (normalized: "c:\\windows\\system32\\phoneutil.dll") Region: id = 3108 start_va = 0x7ff8ebbb0000 end_va = 0x7ff8ebbc0fff monitored = 0 entry_point = 0x7ff8ebbb73f0 region_type = mapped_file name = "userdatatypehelperutil.dll" filename = "\\Windows\\System32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll") Region: id = 3109 start_va = 0x7ff8ebbd0000 end_va = 0x7ff8ebbe0fff monitored = 0 entry_point = 0x7ff8ebbd7400 region_type = mapped_file name = "userdatalanguageutil.dll" filename = "\\Windows\\System32\\UserDataLanguageUtil.dll" (normalized: "c:\\windows\\system32\\userdatalanguageutil.dll") Region: id = 3110 start_va = 0x7ff8ebbf0000 end_va = 0x7ff8ebc2ffff monitored = 0 entry_point = 0x7ff8ebc1b3d0 region_type = mapped_file name = "cemapi.dll" filename = "\\Windows\\System32\\cemapi.dll" (normalized: "c:\\windows\\system32\\cemapi.dll") Region: id = 3111 start_va = 0x7ff8ebc30000 end_va = 0x7ff8ebc5ffff monitored = 0 entry_point = 0x7ff8ebc4eca0 region_type = mapped_file name = "mccsengineshared.dll" filename = "\\Windows\\System32\\MCCSEngineShared.dll" (normalized: "c:\\windows\\system32\\mccsengineshared.dll") Region: id = 3112 start_va = 0x7ff8ebc60000 end_va = 0x7ff8ebca2fff monitored = 0 entry_point = 0x7ff8ebc8b150 region_type = mapped_file name = "accountaccessor.dll" filename = "\\Windows\\System32\\accountaccessor.dll" (normalized: "c:\\windows\\system32\\accountaccessor.dll") Region: id = 3113 start_va = 0x7ff8ebcb0000 end_va = 0x7ff8ebcc2fff monitored = 0 entry_point = 0x7ff8ebcb5720 region_type = mapped_file name = "aphostclient.dll" filename = "\\Windows\\System32\\APHostClient.dll" (normalized: "c:\\windows\\system32\\aphostclient.dll") Region: id = 3114 start_va = 0x7ff8ebcd0000 end_va = 0x7ff8ebe3bfff monitored = 0 entry_point = 0x7ff8ebcfdd00 region_type = mapped_file name = "pimstore.dll" filename = "\\Windows\\System32\\Pimstore.dll" (normalized: "c:\\windows\\system32\\pimstore.dll") Region: id = 3115 start_va = 0x7ff8ebe40000 end_va = 0x7ff8ebeccfff monitored = 0 entry_point = 0x7ff8ebea07a0 region_type = mapped_file name = "synccontroller.dll" filename = "\\Windows\\System32\\SyncController.dll" (normalized: "c:\\windows\\system32\\synccontroller.dll") Region: id = 3116 start_va = 0x7ff8ebfc0000 end_va = 0x7ff8ebffefff monitored = 0 entry_point = 0x7ff8ebfe3320 region_type = mapped_file name = "flightsettings.dll" filename = "\\Windows\\System32\\FlightSettings.dll" (normalized: "c:\\windows\\system32\\flightsettings.dll") Region: id = 3117 start_va = 0x7ff8ec000000 end_va = 0x7ff8ec010fff monitored = 0 entry_point = 0x7ff8ec0074c0 region_type = mapped_file name = "inproclogger.dll" filename = "\\Windows\\System32\\InprocLogger.dll" (normalized: "c:\\windows\\system32\\inproclogger.dll") Region: id = 3118 start_va = 0x7ff8ec020000 end_va = 0x7ff8ec082fff monitored = 0 entry_point = 0x7ff8ec063150 region_type = mapped_file name = "syncutil.dll" filename = "\\Windows\\System32\\syncutil.dll" (normalized: "c:\\windows\\system32\\syncutil.dll") Region: id = 3119 start_va = 0x7ff8ec090000 end_va = 0x7ff8ec0a5fff monitored = 0 entry_point = 0x7ff8ec099f30 region_type = mapped_file name = "userdataplatformhelperutil.dll" filename = "\\Windows\\System32\\UserDataPlatformHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdataplatformhelperutil.dll") Region: id = 3120 start_va = 0x7ff8ec0b0000 end_va = 0x7ff8ec109fff monitored = 0 entry_point = 0x7ff8ec0c0330 region_type = mapped_file name = "aphostservice.dll" filename = "\\Windows\\System32\\APHostService.dll" (normalized: "c:\\windows\\system32\\aphostservice.dll") Region: id = 3121 start_va = 0x7ff8f3ed0000 end_va = 0x7ff8f3f1afff monitored = 0 entry_point = 0x7ff8f3ee1590 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll") Region: id = 3122 start_va = 0x7ff8f6980000 end_va = 0x7ff8f698bfff monitored = 0 entry_point = 0x7ff8f6981470 region_type = mapped_file name = "dsclient.dll" filename = "\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll") Region: id = 3123 start_va = 0x7ff8f7ae0000 end_va = 0x7ff8f7badfff monitored = 0 entry_point = 0x7ff8f7b114c0 region_type = mapped_file name = "tokenbroker.dll" filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll") Region: id = 3124 start_va = 0x7ff8f9540000 end_va = 0x7ff8f9594fff monitored = 0 entry_point = 0x7ff8f9543fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 3125 start_va = 0x7ff8f9c80000 end_va = 0x7ff8f9c8afff monitored = 0 entry_point = 0x7ff8f9c81ea0 region_type = mapped_file name = "mccspal.dll" filename = "\\Windows\\System32\\MCCSPal.dll" (normalized: "c:\\windows\\system32\\mccspal.dll") Region: id = 3126 start_va = 0x7ff8f9cc0000 end_va = 0x7ff8f9ce7fff monitored = 0 entry_point = 0x7ff8f9cc8c10 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 3127 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 3128 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 3129 start_va = 0x7ff8fc930000 end_va = 0x7ff8fc94efff monitored = 0 entry_point = 0x7ff8fc941020 region_type = mapped_file name = "networkhelper.dll" filename = "\\Windows\\System32\\networkhelper.dll" (normalized: "c:\\windows\\system32\\networkhelper.dll") Region: id = 3130 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 3131 start_va = 0x7ff8fee20000 end_va = 0x7ff8fee3bfff monitored = 0 entry_point = 0x7ff8fee237a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 3132 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 3133 start_va = 0x7ff8ff8e0000 end_va = 0x7ff8ff9d3fff monitored = 0 entry_point = 0x7ff8ff8ea960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 3134 start_va = 0x7ff8fffa0000 end_va = 0x7ff8fffabfff monitored = 0 entry_point = 0x7ff8fffa45f0 region_type = mapped_file name = "ntlmshared.dll" filename = "\\Windows\\System32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll") Region: id = 3135 start_va = 0x7ff8fffb0000 end_va = 0x7ff90000cfff monitored = 0 entry_point = 0x7ff8fffc5100 region_type = mapped_file name = "msv1_0.dll" filename = "\\Windows\\System32\\msv1_0.dll" (normalized: "c:\\windows\\system32\\msv1_0.dll") Region: id = 3136 start_va = 0x7ff900070000 end_va = 0x7ff900084fff monitored = 0 entry_point = 0x7ff900073f50 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 3137 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3138 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3139 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3140 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3141 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3142 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3143 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3144 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3145 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3146 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3147 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3148 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3149 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3150 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3151 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3152 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3153 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3154 start_va = 0x7ff901e30000 end_va = 0x7ff901e6afff monitored = 0 entry_point = 0x7ff901e312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3155 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3156 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3157 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3158 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3159 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3160 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3161 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 380 os_tid = 0xad0 Thread: id = 381 os_tid = 0xa78 Thread: id = 382 os_tid = 0xa90 Thread: id = 383 os_tid = 0xb34 Process: id = "16" image_name = "msdtc.exe" filename = "c:\\windows\\system32\\msdtc.exe" page_root = "0x194ca000" os_pid = "0x1328" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\System32\\msdtc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\MSDTC" [0xe], "NT AUTHORITY\\Logon Session 00000000:000b2169" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 842 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 843 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 844 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 845 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 846 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 847 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 848 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 849 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 850 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 851 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 852 start_va = 0x7ff6e1ce0000 end_va = 0x7ff6e1d0afff monitored = 0 entry_point = 0x7ff6e1ce68d0 region_type = mapped_file name = "msdtc.exe" filename = "\\Windows\\System32\\msdtc.exe" (normalized: "c:\\windows\\system32\\msdtc.exe") Region: id = 853 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1055 start_va = 0x400000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1056 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1057 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1058 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1059 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1060 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1409 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1410 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1411 start_va = 0x530000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 1412 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1413 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1414 start_va = 0x7ff8eb3c0000 end_va = 0x7ff8eb579fff monitored = 0 entry_point = 0x7ff8eb3c7120 region_type = mapped_file name = "msdtctm.dll" filename = "\\Windows\\System32\\msdtctm.dll" (normalized: "c:\\windows\\system32\\msdtctm.dll") Region: id = 1415 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1416 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1417 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1418 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1419 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1420 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1421 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1422 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1423 start_va = 0x7ff8f9130000 end_va = 0x7ff8f9156fff monitored = 0 entry_point = 0x7ff8f9142820 region_type = mapped_file name = "msdtclog.dll" filename = "\\Windows\\System32\\msdtclog.dll" (normalized: "c:\\windows\\system32\\msdtclog.dll") Region: id = 1424 start_va = 0x7ff8ed5e0000 end_va = 0x7ff8ed649fff monitored = 0 entry_point = 0x7ff8ed60e410 region_type = mapped_file name = "mtxclu.dll" filename = "\\Windows\\System32\\mtxclu.dll" (normalized: "c:\\windows\\system32\\mtxclu.dll") Region: id = 1425 start_va = 0x7ff8eb2e0000 end_va = 0x7ff8eb3bcfff monitored = 0 entry_point = 0x7ff8eb35d590 region_type = mapped_file name = "msdtcprx.dll" filename = "\\Windows\\System32\\msdtcprx.dll" (normalized: "c:\\windows\\system32\\msdtcprx.dll") Region: id = 1426 start_va = 0x7ff8fef30000 end_va = 0x7ff8fef52fff monitored = 0 entry_point = 0x7ff8fef33670 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 1427 start_va = 0x7ff8f65c0000 end_va = 0x7ff8f6662fff monitored = 0 entry_point = 0x7ff8f65c2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1428 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1429 start_va = 0x7ff8f9f30000 end_va = 0x7ff8f9f46fff monitored = 0 entry_point = 0x7ff8f9f38230 region_type = mapped_file name = "xolehlp.dll" filename = "\\Windows\\System32\\xolehlp.dll" (normalized: "c:\\windows\\system32\\xolehlp.dll") Region: id = 1430 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1431 start_va = 0x5b0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 1432 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1433 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1434 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1435 start_va = 0x7ff8f6670000 end_va = 0x7ff8f66c1fff monitored = 0 entry_point = 0x7ff8f6675770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1436 start_va = 0x7ff8feed0000 end_va = 0x7ff8feefbfff monitored = 0 entry_point = 0x7ff8feed8210 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 1437 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1438 start_va = 0x7ff9002b0000 end_va = 0x7ff9002d6fff monitored = 0 entry_point = 0x7ff9002c0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1439 start_va = 0x7ff8fee40000 end_va = 0x7ff8fee4afff monitored = 0 entry_point = 0x7ff8fee424e0 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 1440 start_va = 0x7ff900270000 end_va = 0x7ff9002a9fff monitored = 0 entry_point = 0x7ff900278d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1441 start_va = 0x630000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1442 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1443 start_va = 0x630000 end_va = 0x7b7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000630000" filename = "" Region: id = 1444 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 1445 start_va = 0x7d0000 end_va = 0x950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 1446 start_va = 0x960000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 1447 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.exe.mui" filename = "\\Windows\\System32\\en-US\\msdtc.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\msdtc.exe.mui") Region: id = 1448 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1449 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1450 start_va = 0xa20000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1451 start_va = 0xb20000 end_va = 0xbfcfff monitored = 0 entry_point = 0xb7e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1452 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1453 start_va = 0x180000000 end_va = 0x18013efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comres.dll" filename = "\\Windows\\System32\\comres.dll" (normalized: "c:\\windows\\system32\\comres.dll") Region: id = 1454 start_va = 0x400000 end_va = 0x407fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtcvsp1res.dll" filename = "\\Windows\\System32\\msdtcVSp1res.dll" (normalized: "c:\\windows\\system32\\msdtcvsp1res.dll") Region: id = 1455 start_va = 0x430000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1462 start_va = 0xb20000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 1503 start_va = 0xba0000 end_va = 0xc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 1505 start_va = 0x7ff8f49b0000 end_va = 0x7ff8f49defff monitored = 0 entry_point = 0x7ff8f49c3620 region_type = mapped_file name = "mtxoci.dll" filename = "\\Windows\\System32\\mtxoci.dll" (normalized: "c:\\windows\\system32\\mtxoci.dll") Region: id = 1507 start_va = 0x7ff8f3650000 end_va = 0x7ff8f367dfff monitored = 1 entry_point = 0x7ff8f36543a0 region_type = mapped_file name = "oci.dll" filename = "\\Windows\\System32\\oci.dll" (normalized: "c:\\windows\\system32\\oci.dll") Region: id = 1508 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1509 start_va = 0xc20000 end_va = 0xc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 1510 start_va = 0xca0000 end_va = 0xd9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ca0000" filename = "" Region: id = 1856 start_va = 0xda0000 end_va = 0xe1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000da0000" filename = "" Region: id = 1857 start_va = 0xe20000 end_va = 0xe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e20000" filename = "" Region: id = 1858 start_va = 0x7ff8fa1b0000 end_va = 0x7ff8fa1c5fff monitored = 0 entry_point = 0x7ff8fa1b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2007 start_va = 0x7ff8f8c20000 end_va = 0x7ff8f8c31fff monitored = 0 entry_point = 0x7ff8f8c23580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2008 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2052 start_va = 0xea0000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ea0000" filename = "" Region: id = 2053 start_va = 0xf20000 end_va = 0x1256fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2054 start_va = 0x1260000 end_va = 0x12dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 2055 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2056 start_va = 0x12e0000 end_va = 0x135ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 2057 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2058 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2060 start_va = 0x1360000 end_va = 0x13dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2061 start_va = 0x13e0000 end_va = 0x13e1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2062 start_va = 0x13f0000 end_va = 0x13f3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2063 start_va = 0x13e0000 end_va = 0x13e5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2064 start_va = 0x13f0000 end_va = 0x13f7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2065 start_va = 0x1400000 end_va = 0x1409fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2066 start_va = 0x1400000 end_va = 0x140bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2067 start_va = 0x1400000 end_va = 0x1401fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2068 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 2069 start_va = 0x1480000 end_va = 0x148dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2070 start_va = 0x1480000 end_va = 0x1483fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2071 start_va = 0x1480000 end_va = 0x148ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2072 start_va = 0x1490000 end_va = 0x1491fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2073 start_va = 0x1480000 end_va = 0x1483fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2088 start_va = 0x1480000 end_va = 0x1481fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2089 start_va = 0x1490000 end_va = 0x1495fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtcvsp1res.dll.mui" filename = "\\Windows\\System32\\en-US\\msdtcVSp1res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msdtcvsp1res.dll.mui") Region: id = 2090 start_va = 0x1480000 end_va = 0x1483fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2091 start_va = 0x14a0000 end_va = 0x151ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014a0000" filename = "" Region: id = 2092 start_va = 0x1520000 end_va = 0x1520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001520000" filename = "" Region: id = 2093 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2094 start_va = 0x1480000 end_va = 0x1480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001480000" filename = "" Region: id = 2095 start_va = 0x7ff901490000 end_va = 0x7ff901515fff monitored = 0 entry_point = 0x7ff90149d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2096 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2097 start_va = 0x7ff8f7720000 end_va = 0x7ff8f7754fff monitored = 0 entry_point = 0x7ff8f772a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 2508 start_va = 0x1530000 end_va = 0x1571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001530000" filename = "" Region: id = 2509 start_va = 0x1580000 end_va = 0x167ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001580000" filename = "" Region: id = 2531 start_va = 0x1530000 end_va = 0x1573fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001530000" filename = "" Region: id = 2670 start_va = 0x1530000 end_va = 0x1571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001530000" filename = "" Region: id = 2800 start_va = 0x1530000 end_va = 0x1571fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001530000" filename = "" Thread: id = 384 os_tid = 0x132c Thread: id = 385 os_tid = 0x1330 Thread: id = 386 os_tid = 0x1334 Thread: id = 387 os_tid = 0x1338 Thread: id = 388 os_tid = 0x133c [0129.172] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0129.173] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0129.173] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0129.173] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0129.174] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0129.176] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0129.176] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0129.176] GetProcessHeap () returned 0x430000 [0129.176] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0129.177] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0129.177] GetLastError () returned 0x0 [0129.177] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0129.177] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0129.177] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x4576f0 [0129.177] SetLastError (dwErrCode=0x0) [0129.178] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1200) returned 0x457ac0 [0129.180] GetStartupInfoW (in: lpStartupInfo=0xc1e2a0 | out: lpStartupInfo=0xc1e2a0*(cb=0x68, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\System32\\msdtc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0xc1e704, hStdError=0x1)) [0129.180] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0129.180] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0129.180] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.180] GetCommandLineA () returned="C:\\Windows\\System32\\msdtc.exe" [0129.180] GetCommandLineW () returned="C:\\Windows\\System32\\msdtc.exe" [0129.181] GetACP () returned 0x4e4 [0129.181] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x228) returned 0x458cd0 [0129.181] IsValidCodePage (CodePage=0x4e4) returned 1 [0129.181] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xc1e260 | out: lpCPInfo=0xc1e260) returned 1 [0129.181] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xc1db00 | out: lpCPInfo=0xc1db00) returned 1 [0129.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc1db20, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0129.181] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc1db20, cbMultiByte=256, lpWideCharStr=0xc1d850, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿp") returned 256 [0129.181] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿp", cchSrc=256, lpCharType=0xc1de20 | out: lpCharType=0xc1de20) returned 1 [0129.182] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc1db20, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0129.182] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc1db20, cbMultiByte=256, lpWideCharStr=0xc1d7f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0129.182] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0129.182] GetProcAddress (hModule=0x7ff901280000, lpProcName="LCMapStringEx") returned 0x7ff901295350 [0129.182] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0129.182] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0xc1d5e0, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0129.182] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0xc1dc20, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¸ÝÁ", lpUsedDefaultChar=0x0) returned 256 [0129.182] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc1db20, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0129.182] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc1db20, cbMultiByte=256, lpWideCharStr=0xc1d7f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0129.182] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0129.182] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0xc1d5e0, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0129.183] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0xc1dd20, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0129.183] RtlInitializeSListHead (in: ListHead=0x7ff8f36775f0 | out: ListHead=0x7ff8f36775f0) [0129.183] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x458f00 [0129.183] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xc1e0f0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\msdtc.exe" (normalized: "c:\\windows\\system32\\msdtc.exe")) returned 0x1d [0129.183] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x7ff901c50000 [0129.184] GetProcAddress (hModule=0x7ff901c50000, lpProcName="AreFileApisANSI") returned 0x7ff901c74820 [0129.184] AreFileApisANSI () returned 1 [0129.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\System32\\msdtc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0129.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\System32\\msdtc.exe", cchWideChar=-1, lpMultiByteStr=0x7ff8f3677800, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\System32\\msdtc.exe", lpUsedDefaultChar=0x0) returned 30 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2e) returned 0x455c80 [0129.184] GetEnvironmentStringsW () returned 0x459f10* [0129.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1226, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1226 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x4ca) returned 0x45a8b0 [0129.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1226, lpMultiByteStr=0x45a8b0, cbMultiByte=1226, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1226 [0129.184] FreeEnvironmentStringsW (penv=0x459f10) returned 1 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf8) returned 0x43ad10 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1f) returned 0x441c70 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x41) returned 0x445bd0 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x31) returned 0x455ac0 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c) returned 0x445450 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x31) returned 0x455bc0 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x14) returned 0x4505b0 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x24) returned 0x441d60 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x44) returned 0x445540 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x17) returned 0x450330 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe) returned 0x450370 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa2) returned 0x431f20 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3e) returned 0x445ae0 [0129.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1d) returned 0x441ca0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x48) returned 0x445860 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x12) returned 0x4503d0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x18) returned 0x4503f0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1b) returned 0x441d90 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1e) returned 0x441dc0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x29) returned 0x455980 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1e) returned 0x441df0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x69) returned 0x433e30 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x17) returned 0x450430 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf) returned 0x450450 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x16) returned 0x450530 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x15) returned 0x450490 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x14) returned 0x4505d0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x15) returned 0x4505f0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x11) returned 0x459fa0 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x35) returned 0x455900 [0129.185] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x12) returned 0x45a320 [0129.186] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x45a8b0 | out: hHeap=0x430000) returned 1 [0129.186] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7ff8f3652b60, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xc1e3c0 | out: lpThreadId=0xc1e3c0*=0x1340) returned 0x1c8 Thread: id = 389 os_tid = 0x1340 [0129.253] GetLastError () returned 0x57 [0129.253] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0129.253] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x43f670 [0129.253] SetLastError (dwErrCode=0x57) [0129.253] GetLastError () returned 0x57 [0129.253] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x45cc70 [0129.254] SetLastError (dwErrCode=0x57) [0129.254] GetSystemInfo (in: lpSystemInfo=0xc9f7c0 | out: lpSystemInfo=0xc9f7c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0129.254] GlobalMemoryStatusEx (in: lpBuffer=0xc9f780 | out: lpBuffer=0xc9f780) returned 1 [0129.254] CreateFileW (lpFileName="\\\\.\\PhysicalDrive0" (normalized: "\\device\\harddisk0\\dr0"), dwDesiredAccess=0x0, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8 [0129.254] DeviceIoControl (in: hDevice=0x1d8, dwIoControlCode=0x70000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0xc9fa20, nOutBufferSize=0x18, lpBytesReturned=0xc9f770, lpOverlapped=0x0 | out: lpOutBuffer=0xc9fa20*, lpBytesReturned=0xc9f770*=0x18, lpOverlapped=0x0) returned 1 [0129.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.254] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.254] GetLastError () returned 0x0 [0129.254] SetLastError (dwErrCode=0x0) [0129.254] GetLastError () returned 0x0 [0129.254] SetLastError (dwErrCode=0x0) [0129.254] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.255] SetLastError (dwErrCode=0x0) [0129.255] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.256] SetLastError (dwErrCode=0x0) [0129.256] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.257] GetLastError () returned 0x0 [0129.257] SetLastError (dwErrCode=0x0) [0129.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.258] GetLastError () returned 0x0 [0129.258] SetLastError (dwErrCode=0x0) [0129.258] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetLastError () returned 0x0 [0129.259] SetLastError (dwErrCode=0x0) [0129.259] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.259] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetLastError () returned 0x0 [0129.260] SetLastError (dwErrCode=0x0) [0129.260] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.261] GetLastError () returned 0x0 [0129.261] SetLastError (dwErrCode=0x0) [0129.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetLastError () returned 0x0 [0129.262] SetLastError (dwErrCode=0x0) [0129.262] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.262] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetLastError () returned 0x0 [0129.263] SetLastError (dwErrCode=0x0) [0129.263] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetLastError () returned 0x0 [0129.264] SetLastError (dwErrCode=0x0) [0129.264] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.265] GetLastError () returned 0x0 [0129.265] SetLastError (dwErrCode=0x0) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x78204d0d, dwHighDateTime=0x1d947a8)) [0129.266] GetLastError () returned 0x0 [0129.266] SetLastError (dwErrCode=0x0) [0129.266] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetLastError () returned 0x0 [0129.267] SetLastError (dwErrCode=0x0) [0129.267] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetLastError () returned 0x0 [0129.268] SetLastError (dwErrCode=0x0) [0129.268] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.269] GetLastError () returned 0x0 [0129.269] SetLastError (dwErrCode=0x0) [0129.269] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetLastError () returned 0x0 [0129.270] SetLastError (dwErrCode=0x0) [0129.270] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.270] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.271] GetLastError () returned 0x0 [0129.271] SetLastError (dwErrCode=0x0) [0129.271] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetLastError () returned 0x0 [0129.272] SetLastError (dwErrCode=0x0) [0129.272] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.272] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetLastError () returned 0x0 [0129.273] SetLastError (dwErrCode=0x0) [0129.273] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.274] GetLastError () returned 0x0 [0129.274] SetLastError (dwErrCode=0x0) [0129.274] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetLastError () returned 0x0 [0129.275] SetLastError (dwErrCode=0x0) [0129.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.275] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetLastError () returned 0x0 [0129.276] SetLastError (dwErrCode=0x0) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.278] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.280] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.281] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xc9f730 | out: lpSystemTimeAsFileTime=0xc9f730*(dwLowDateTime=0x7822af21, dwHighDateTime=0x1d947a8)) [0129.294] FindFirstFileExW (in: lpFileName="I:\\*.*" (normalized: "i:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0xffffffffffffffff [0129.294] GetLastError () returned 0x3 [0129.294] GetLastError () returned 0x3 [0129.295] SetLastError (dwErrCode=0x3) [0129.306] FindFirstFileExW (in: lpFileName="H:\\*.*" (normalized: "h:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0xffffffffffffffff [0129.395] GetLastError () returned 0x3 [0129.395] GetLastError () returned 0x3 [0129.395] SetLastError (dwErrCode=0x3) [0129.408] FindFirstFileExW (in: lpFileName="G:\\*.*" (normalized: "g:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0xffffffffffffffff [0129.409] GetLastError () returned 0x3 [0129.409] GetLastError () returned 0x3 [0129.409] SetLastError (dwErrCode=0x3) [0129.421] FindFirstFileExW (in: lpFileName="F:\\*.*" (normalized: "f:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0xffffffffffffffff [0129.421] GetLastError () returned 0x3 [0129.421] GetLastError () returned 0x3 [0129.421] SetLastError (dwErrCode=0x3) [0129.430] FindFirstFileExW (in: lpFileName="E:\\*.*" (normalized: "e:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0xffffffffffffffff [0129.651] GetLastError () returned 0x3 [0129.651] GetLastError () returned 0x3 [0129.651] SetLastError (dwErrCode=0x3) [0129.658] FindFirstFileExW (in: lpFileName="D:\\*.*" (normalized: "d:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0xffffffffffffffff [0129.659] GetLastError () returned 0x3 [0129.659] GetLastError () returned 0x3 [0129.659] SetLastError (dwErrCode=0x3) [0129.659] FindFirstFileExW (in: lpFileName="C:\\Users\\*.*" (normalized: "c:\\users\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9ebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9ebd0) returned 0x440350 [0129.659] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.660] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.661] GetEnvironmentStringsW () returned 0x45e350* [0129.661] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x994) returned 0x45ecf0 [0129.661] FreeEnvironmentStringsW (penv=0x45e350) returned 1 [0129.661] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf8) returned 0x43f4d0 [0129.661] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3e) returned 0x445d10 [0129.661] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x82) returned 0x430750 [0129.661] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x62) returned 0x434080 [0129.661] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x78) returned 0x4336b0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x62) returned 0x4340f0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x28) returned 0x43b0a0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x48) returned 0x4453b0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x88) returned 0x435320 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2e) returned 0x455a80 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1c) returned 0x43b2e0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x144) returned 0x434e80 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x7c) returned 0x45bc30 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3a) returned 0x4452c0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x90) returned 0x441360 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x24) returned 0x43b010 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x30) returned 0x455a40 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x36) returned 0x455f00 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c) returned 0x445c70 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x52) returned 0x43fc30 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c) returned 0x4455e0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xd2) returned 0x4566d0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2e) returned 0x456000 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1e) returned 0x43b460 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2c) returned 0x4559c0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2a) returned 0x455e80 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x28) returned 0x43ae90 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2a) returned 0x455d00 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x22) returned 0x43b310 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6a) returned 0x45bcc0 [0129.662] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x24) returned 0x43af80 [0129.663] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x45ecf0 | out: hHeap=0x430000) returned 1 [0129.663] GetTimeZoneInformation (in: lpTimeZoneInformation=0x7ff8f3678280 | out: lpTimeZoneInformation=0x7ff8f3678280) returned 0x1 [0129.663] GetLastError () returned 0x3 [0129.663] SetLastError (dwErrCode=0x3) [0129.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="W. Europe Standard Time", cchWideChar=-1, lpMultiByteStr=0x7ff8f3676a20, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W. Europe Standard Time", lpUsedDefaultChar=0x0) returned 24 [0129.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="W. Europe Daylight Time", cchWideChar=-1, lpMultiByteStr=0x7ff8f3676a60, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W. Europe Daylight Time", lpUsedDefaultChar=0x0) returned 24 [0129.664] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.664] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.664] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa425368c, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.664] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.664] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.664] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.665] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0129.665] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.665] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.665] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.665] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0129.665] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.665] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.665] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.666] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\*.*" (normalized: "c:\\users\\default\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9e2e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9e2e0) returned 0x43fcf0 [0129.668] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.668] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.668] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.668] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.668] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.668] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.668] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x70, cFileName="..", cAlternateFileName="")) returned 1 [0129.670] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.670] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.670] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.670] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.670] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.670] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.670] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x70, cFileName="AppData", cAlternateFileName="")) returned 1 [0129.670] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.670] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.670] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.670] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.670] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.670] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.671] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d54d8a8, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d54d8a8, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d54d8a8, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0129.671] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.671] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.671] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.671] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.671] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.671] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.671] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*" (normalized: "c:\\users\\default\\application data\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.672] GetLastError () returned 0x5 [0129.672] GetLastError () returned 0x5 [0129.672] SetLastError (dwErrCode=0x5) [0129.672] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Cookies", cAlternateFileName="")) returned 1 [0129.672] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.672] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.672] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.672] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.672] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.672] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.674] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*" (normalized: "c:\\users\\default\\cookies\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.674] GetLastError () returned 0x5 [0129.675] GetLastError () returned 0x5 [0129.675] SetLastError (dwErrCode=0x5) [0129.675] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Desktop", cAlternateFileName="")) returned 1 [0129.675] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.675] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.675] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.675] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.675] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.675] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.675] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*" (normalized: "c:\\users\\default\\desktop\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fc90 [0129.675] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.675] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.676] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.676] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.676] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.676] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.676] FindNextFileW (in: hFindFile=0x43fc90, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0129.676] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.676] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.676] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.676] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.676] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.676] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.676] FindNextFileW (in: hFindFile=0x43fc90, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 0 [0129.676] GetLastError () returned 0x12 [0129.676] GetLastError () returned 0x12 [0129.677] SetLastError (dwErrCode=0x12) [0129.677] FindClose (in: hFindFile=0x43fc90 | out: hFindFile=0x43fc90) returned 1 [0129.677] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0129.677] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.677] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.677] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.677] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.677] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.677] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.677] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*" (normalized: "c:\\users\\default\\documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x4407d0 [0129.679] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.679] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.679] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.679] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.680] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FindNextFileW (in: hFindFile=0x4407d0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.680] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.680] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.680] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FindNextFileW (in: hFindFile=0x4407d0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.680] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.680] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.680] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.681] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.681] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*" (normalized: "c:\\users\\default\\documents\\my music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0xffffffffffffffff [0129.681] GetLastError () returned 0x5 [0129.681] GetLastError () returned 0x5 [0129.681] SetLastError (dwErrCode=0x5) [0129.681] FindNextFileW (in: hFindFile=0x4407d0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0129.681] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.681] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.681] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.681] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.681] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.681] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.682] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\default\\documents\\my pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0xffffffffffffffff [0129.682] GetLastError () returned 0x5 [0129.682] GetLastError () returned 0x5 [0129.682] SetLastError (dwErrCode=0x5) [0129.682] FindNextFileW (in: hFindFile=0x4407d0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0129.682] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.682] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.682] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.682] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.682] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.682] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.682] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\default\\documents\\my videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0xffffffffffffffff [0129.682] GetLastError () returned 0x5 [0129.682] GetLastError () returned 0x5 [0129.682] SetLastError (dwErrCode=0x5) [0129.682] FindNextFileW (in: hFindFile=0x4407d0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Videos", cAlternateFileName="")) returned 0 [0129.683] GetLastError () returned 0x12 [0129.683] GetLastError () returned 0x12 [0129.683] SetLastError (dwErrCode=0x12) [0129.683] FindClose (in: hFindFile=0x4407d0 | out: hFindFile=0x4407d0) returned 1 [0129.684] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x63006f, dwReserved1=0x6d0075, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0129.684] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.684] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.684] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.684] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.684] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.684] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.684] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*" (normalized: "c:\\users\\default\\downloads\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x4405f0 [0129.684] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.684] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.685] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.685] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.685] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.685] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.685] FindNextFileW (in: hFindFile=0x4405f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.685] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.685] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.685] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.685] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.685] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.685] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.685] FindNextFileW (in: hFindFile=0x4405f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.685] GetLastError () returned 0x12 [0129.685] GetLastError () returned 0x12 [0129.685] SetLastError (dwErrCode=0x12) [0129.685] FindClose (in: hFindFile=0x4405f0 | out: hFindFile=0x4405f0) returned 1 [0129.686] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x63006f, dwReserved1=0x6d0075, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0129.686] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.686] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.686] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.686] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.686] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.686] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.686] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*" (normalized: "c:\\users\\default\\favorites\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43ff30 [0129.686] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.686] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.686] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.686] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.687] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.687] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.687] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.687] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.687] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.687] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.687] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.687] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.687] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.687] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.687] GetLastError () returned 0x12 [0129.687] GetLastError () returned 0x12 [0129.687] SetLastError (dwErrCode=0x12) [0129.687] FindClose (in: hFindFile=0x43ff30 | out: hFindFile=0x43ff30) returned 1 [0129.687] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x63006f, dwReserved1=0x6d0075, cFileName="Links", cAlternateFileName="")) returned 1 [0129.688] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.688] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.688] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.688] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.688] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.688] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.688] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Links\\*.*" (normalized: "c:\\users\\default\\links\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43f9f0 [0129.730] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.730] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.730] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.730] FindNextFileW (in: hFindFile=0x43f9f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.730] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.730] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.731] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.731] FindNextFileW (in: hFindFile=0x43f9f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.731] GetLastError () returned 0x12 [0129.731] GetLastError () returned 0x12 [0129.731] SetLastError (dwErrCode=0x12) [0129.731] FindClose (in: hFindFile=0x43f9f0 | out: hFindFile=0x43f9f0) returned 1 [0129.731] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0129.731] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.731] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.731] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.731] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*.*" (normalized: "c:\\users\\default\\local settings\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.732] GetLastError () returned 0x5 [0129.732] GetLastError () returned 0x5 [0129.732] SetLastError (dwErrCode=0x5) [0129.732] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Music", cAlternateFileName="")) returned 1 [0129.732] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.732] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.732] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.732] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Music\\*.*" (normalized: "c:\\users\\default\\music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43ff30 [0129.733] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.733] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.733] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.733] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.733] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.733] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.733] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.733] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.734] GetLastError () returned 0x12 [0129.734] GetLastError () returned 0x12 [0129.734] SetLastError (dwErrCode=0x12) [0129.734] FindClose (in: hFindFile=0x43ff30 | out: hFindFile=0x43ff30) returned 1 [0129.734] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0129.734] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.734] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.734] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.734] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*" (normalized: "c:\\users\\default\\my documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.734] GetLastError () returned 0x5 [0129.734] GetLastError () returned 0x5 [0129.735] SetLastError (dwErrCode=0x5) [0129.735] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NetHood", cAlternateFileName="")) returned 1 [0129.735] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.735] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.735] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.736] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*" (normalized: "c:\\users\\default\\nethood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.736] GetLastError () returned 0x5 [0129.736] GetLastError () returned 0x5 [0129.736] SetLastError (dwErrCode=0x5) [0129.736] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x31bfa5a5, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xea64ab63, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xea64ab63, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0129.736] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.736] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.736] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.736] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0129.736] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.737] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.737] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.737] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0129.737] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.737] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.737] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.737] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0129.737] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d61ae52, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d61ae52, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.738] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.739] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.739] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Pictures", cAlternateFileName="")) returned 1 [0129.739] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.739] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.739] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.739] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*" (normalized: "c:\\users\\default\\pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x4405f0 [0129.740] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.740] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.740] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.740] FindNextFileW (in: hFindFile=0x4405f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.740] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.740] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.740] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.740] FindNextFileW (in: hFindFile=0x4405f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.741] GetLastError () returned 0x12 [0129.741] GetLastError () returned 0x12 [0129.741] SetLastError (dwErrCode=0x12) [0129.741] FindClose (in: hFindFile=0x4405f0 | out: hFindFile=0x4405f0) returned 1 [0129.741] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0129.741] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.741] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.741] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.741] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*" (normalized: "c:\\users\\default\\printhood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.741] GetLastError () returned 0x5 [0129.741] GetLastError () returned 0x5 [0129.741] SetLastError (dwErrCode=0x5) [0129.741] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Recent", cAlternateFileName="")) returned 1 [0129.742] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.742] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.742] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.742] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*" (normalized: "c:\\users\\default\\recent\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.742] GetLastError () returned 0x5 [0129.742] GetLastError () returned 0x5 [0129.742] SetLastError (dwErrCode=0x5) [0129.742] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0129.742] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.742] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.742] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.743] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*" (normalized: "c:\\users\\default\\saved games\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43f9f0 [0129.743] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.743] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.743] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.743] FindNextFileW (in: hFindFile=0x43f9f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.743] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.744] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.744] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.744] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.744] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.744] FindNextFileW (in: hFindFile=0x43f9f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.744] GetLastError () returned 0x12 [0129.744] GetLastError () returned 0x12 [0129.744] SetLastError (dwErrCode=0x12) [0129.744] FindClose (in: hFindFile=0x43f9f0 | out: hFindFile=0x43f9f0) returned 1 [0129.744] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="SendTo", cAlternateFileName="")) returned 1 [0129.744] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.744] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.744] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.744] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.744] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.744] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.745] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*" (normalized: "c:\\users\\default\\sendto\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.745] GetLastError () returned 0x5 [0129.745] GetLastError () returned 0x5 [0129.745] SetLastError (dwErrCode=0x5) [0129.745] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0129.745] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.745] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.745] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.745] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.745] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.745] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.745] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*" (normalized: "c:\\users\\default\\start menu\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.745] GetLastError () returned 0x5 [0129.745] GetLastError () returned 0x5 [0129.745] SetLastError (dwErrCode=0x5) [0129.746] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0129.746] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.746] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.746] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.746] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Templates\\*.*" (normalized: "c:\\users\\default\\templates\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.746] GetLastError () returned 0x5 [0129.746] GetLastError () returned 0x5 [0129.746] SetLastError (dwErrCode=0x5) [0129.746] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Videos", cAlternateFileName="")) returned 1 [0129.746] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.746] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.747] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.747] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*" (normalized: "c:\\users\\default\\videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x4405f0 [0129.747] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.747] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.747] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.747] FindNextFileW (in: hFindFile=0x4405f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.747] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.748] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.748] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x4405f0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0129.748] GetLastError () returned 0x12 [0129.748] GetLastError () returned 0x12 [0129.748] SetLastError (dwErrCode=0x12) [0129.748] FindClose (in: hFindFile=0x4405f0 | out: hFindFile=0x4405f0) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x43fcf0, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Videos", cAlternateFileName="翸")) returned 0 [0129.748] GetLastError () returned 0x12 [0129.748] GetLastError () returned 0x12 [0129.748] SetLastError (dwErrCode=0x12) [0129.748] FindClose (in: hFindFile=0x43fcf0 | out: hFindFile=0x43fcf0) returned 1 [0129.748] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6f0065, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0129.749] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.749] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.749] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.749] FindFirstFileExW (in: lpFileName="C:\\Users\\Default User\\*.*" (normalized: "c:\\users\\default user\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9e2e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9e2e0) returned 0xffffffffffffffff [0129.749] GetLastError () returned 0x5 [0129.749] GetLastError () returned 0x5 [0129.749] SetLastError (dwErrCode=0x5) [0129.749] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3757c8c, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x973af366, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x973af366, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x6f0065, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0129.749] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.750] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.750] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.750] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.750] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.752] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x58) returned 0x43fab0 [0129.752] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc94aa8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0129.752] GetFileType (hFile=0x1e8) returned 0x1 [0129.753] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0xc94c38, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc94c38*=174) returned 1 [0129.753] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0xc94be8, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc94be8*=174) returned 1 [0129.753] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0xc94c38, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc94c38*=0) returned 1 [0129.753] ReadFile (in: hFile=0x1e8, lpBuffer=0xc94df0, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc94ba8, lpOverlapped=0x0 | out: lpBuffer=0xc94df0*, lpNumberOfBytesRead=0xc94ba8*=0xae, lpOverlapped=0x0) returned 1 [0129.754] ReadFile (in: hFile=0x1e8, lpBuffer=0xc94e9e, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc94ba8, lpOverlapped=0x0 | out: lpBuffer=0xc94e9e*, lpNumberOfBytesRead=0xc94ba8*=0x0, lpOverlapped=0x0) returned 1 [0129.754] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb0) returned 0x43c2e0 [0129.754] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb0) returned 0x43bb60 [0129.755] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x43c2e0 | out: hHeap=0x430000) returned 1 [0129.755] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0xc94c38, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc94c38*=0) returned 1 [0129.755] WriteFile (in: hFile=0x1e8, lpBuffer=0xc99df0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc94aa4, lpOverlapped=0x0 | out: lpBuffer=0xc99df0*, lpNumberOfBytesWritten=0xc94aa4*=0x5000, lpOverlapped=0x0) returned 1 [0129.757] SetFilePointerEx (in: hFile=0x1e8, liDistanceToMove=0x0, lpNewFilePointer=0xc94c38, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc94c38*=20480) returned 1 [0129.758] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x45f360 [0129.758] WriteFile (in: hFile=0x1e8, lpBuffer=0x45f360*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0xc94b34, lpOverlapped=0x0 | out: lpBuffer=0x45f360*, lpNumberOfBytesWritten=0xc94b34*=0x1b0, lpOverlapped=0x0) returned 1 [0129.758] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x45f360 | out: hHeap=0x430000) returned 1 [0129.759] CloseHandle (hObject=0x1e8) returned 1 [0129.765] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x43bb60 | out: hHeap=0x430000) returned 1 [0129.765] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0129.765] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.765] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.765] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.765] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.765] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.765] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.765] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 1 [0129.765] FileTimeToSystemTime (in: lpFileTime=0xc9ebd4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.765] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.766] FileTimeToSystemTime (in: lpFileTime=0xc9ebdc, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.766] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.766] FileTimeToSystemTime (in: lpFileTime=0xc9ebe4, lpSystemTime=0xc9eb70 | out: lpSystemTime=0xc9eb70) returned 1 [0129.766] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9eb70, lpLocalTime=0xc9eb60 | out: lpLocalTime=0xc9eb60) returned 1 [0129.766] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9e2e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9e2e0) returned 0x440710 [0129.766] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.766] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.766] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.766] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.766] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.816] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.816] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.816] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.816] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.817] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.817] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.817] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.817] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.817] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0129.817] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.817] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.817] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.817] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.817] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.817] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.817] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0129.817] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.817] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.818] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.818] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.818] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.818] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.818] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\application data\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.818] GetLastError () returned 0x5 [0129.818] GetLastError () returned 0x5 [0129.818] SetLastError (dwErrCode=0x5) [0129.818] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0129.818] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.819] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.819] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.819] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.819] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.819] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.819] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x440110 [0129.819] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.819] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.819] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.819] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.820] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.820] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.820] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0129.820] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.820] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.820] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.820] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.821] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.821] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0129.821] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.821] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.821] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.822] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0129.822] GetFileType (hFile=0x21c) returned 0x1 [0129.822] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=412) returned 1 [0129.822] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=412) returned 1 [0129.822] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0129.822] ReadFile (in: hFile=0x21c, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x19c, lpOverlapped=0x0) returned 1 [0129.824] ReadFile (in: hFile=0x21c, lpBuffer=0xc93dac, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93dac*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0129.824] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1a0) returned 0x462aa0 [0129.824] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1a0) returned 0x462c50 [0129.824] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462aa0 | out: hHeap=0x430000) returned 1 [0129.824] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0129.825] WriteFile (in: hFile=0x21c, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0129.826] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0129.826] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x462e00 [0129.826] WriteFile (in: hFile=0x21c, lpBuffer=0x462e00*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x462e00*, lpNumberOfBytesWritten=0xc93954*=0x2a0, lpOverlapped=0x0) returned 1 [0129.827] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462e00 | out: hHeap=0x430000) returned 1 [0129.827] CloseHandle (hObject=0x21c) returned 1 [0129.830] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462c50 | out: hHeap=0x430000) returned 1 [0129.830] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0129.830] GetLastError () returned 0x12 [0129.830] GetLastError () returned 0x12 [0129.831] SetLastError (dwErrCode=0x12) [0129.831] FindClose (in: hFindFile=0x440110 | out: hFindFile=0x440110) returned 1 [0129.831] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0129.831] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.831] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.831] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.831] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.831] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.831] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.831] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0129.831] GetLastError () returned 0x5 [0129.832] GetLastError () returned 0x5 [0129.832] SetLastError (dwErrCode=0x5) [0129.832] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x70b46c13, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x70b46c13, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0129.832] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.832] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.832] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0129.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0129.832] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x440110 [0129.832] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.833] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.833] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.833] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x70b46c13, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x70b46c13, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0129.833] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.833] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.833] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.833] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaea0430, ftCreationTime.dwHighDateTime=0x1d92827, ftLastAccessTime.dwLowDateTime=0x3c79bef0, ftLastAccessTime.dwHighDateTime=0x1d92eaa, ftLastWriteTime.dwLowDateTime=0x3c79bef0, ftLastWriteTime.dwHighDateTime=0x1d92eaa, nFileSizeHigh=0x0, nFileSizeLow=0x271b, dwReserved0=0x0, dwReserved1=0x1, cFileName="-wj2uLeM9ZxLBKGeYYU.ots", cAlternateFileName="-WJ2UL~1.OTS")) returned 1 [0129.833] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.834] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.834] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.834] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.834] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.834] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.834] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\-wj2uLeM9ZxLBKGeYYU.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\-wj2ulem9zxlbkgeyyu.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0129.834] GetFileType (hFile=0x21c) returned 0x1 [0129.834] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=10011) returned 1 [0129.835] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=10011) returned 1 [0129.835] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0129.835] ReadFile (in: hFile=0x21c, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x271b, lpOverlapped=0x0) returned 1 [0129.836] ReadFile (in: hFile=0x21c, lpBuffer=0xc9632b, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc9632b*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0129.836] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2720) returned 0x462aa0 [0129.837] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2720) returned 0x4651d0 [0129.838] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462aa0 | out: hHeap=0x430000) returned 1 [0129.838] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0129.838] WriteFile (in: hFile=0x21c, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0129.839] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0129.839] WriteFile (in: hFile=0x21c, lpBuffer=0x4651d0*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4651d0*, lpNumberOfBytesWritten=0xc938c4*=0x2000, lpOverlapped=0x0) returned 1 [0129.839] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x467900 [0129.840] WriteFile (in: hFile=0x21c, lpBuffer=0x467900*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x467900*, lpNumberOfBytesWritten=0xc93954*=0x820, lpOverlapped=0x0) returned 1 [0129.840] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x467900 | out: hHeap=0x430000) returned 1 [0129.840] CloseHandle (hObject=0x21c) returned 1 [0129.843] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4651d0 | out: hHeap=0x430000) returned 1 [0129.843] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23335060, ftCreationTime.dwHighDateTime=0x1d93386, ftLastAccessTime.dwLowDateTime=0xb4448720, ftLastAccessTime.dwHighDateTime=0x1d93586, ftLastWriteTime.dwLowDateTime=0xb4448720, ftLastWriteTime.dwHighDateTime=0x1d93586, nFileSizeHigh=0x0, nFileSizeLow=0x18d43, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Oo-oJ1w8Hl 28.ppt", cAlternateFileName="3OO-OJ~1.PPT")) returned 1 [0129.843] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.843] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.843] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.844] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.844] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3Oo-oJ1w8Hl 28.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3oo-oj1w8hl 28.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0129.844] GetFileType (hFile=0x21c) returned 0x1 [0129.844] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=101699) returned 1 [0129.844] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=101699) returned 1 [0129.845] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0129.845] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x18d43) returned 0x462aa0 [0129.848] ReadFile (in: hFile=0x21c, lpBuffer=0x462aa0, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x462aa0*, lpNumberOfBytesRead=0xc9daf8*=0x18000, lpOverlapped=0x0) returned 1 [0129.897] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x47cb70 [0129.897] ReadFile (in: hFile=0x21c, lpBuffer=0x47cb70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x47cb70*, lpNumberOfBytesRead=0xc9da88*=0xd43, lpOverlapped=0x0) returned 1 [0129.897] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x18d50) returned 0x47db80 [0129.900] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x18d50) returned 0x4968e0 [0129.906] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x47db80 | out: hHeap=0x430000) returned 1 [0129.907] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0129.907] WriteFile (in: hFile=0x21c, lpBuffer=0x47cb70*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x47cb70*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0129.908] WriteFile (in: hFile=0x21c, lpBuffer=0x497582*, nNumberOfBytesToWrite=0x18000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x497582*, lpNumberOfBytesWritten=0xc9d9f4*=0x18000, lpOverlapped=0x0) returned 1 [0129.908] WriteFile (in: hFile=0x21c, lpBuffer=0x47cb70*, nNumberOfBytesToWrite=0x1ae, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x47cb70*, lpNumberOfBytesWritten=0xc9da84*=0x1ae, lpOverlapped=0x0) returned 1 [0129.909] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x47cb70 | out: hHeap=0x430000) returned 1 [0129.910] CloseHandle (hObject=0x21c) returned 1 [0129.960] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462aa0 | out: hHeap=0x430000) returned 1 [0129.962] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4968e0 | out: hHeap=0x430000) returned 1 [0129.963] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9339810, ftCreationTime.dwHighDateTime=0x1d93477, ftLastAccessTime.dwLowDateTime=0x25dac750, ftLastAccessTime.dwHighDateTime=0x1d935c3, ftLastWriteTime.dwLowDateTime=0x25dac750, ftLastWriteTime.dwHighDateTime=0x1d935c3, nFileSizeHigh=0x0, nFileSizeLow=0x4394, dwReserved0=0x0, dwReserved1=0x0, cFileName="4QAqOmrwkjZgC0q wG.mp3", cAlternateFileName="4QAQOM~1.MP3")) returned 1 [0129.963] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.963] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.963] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.963] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.964] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0129.964] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0129.964] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4QAqOmrwkjZgC0q wG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\4qaqomrwkjzgc0q wg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0129.964] GetFileType (hFile=0x21c) returned 0x1 [0129.964] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=17300) returned 1 [0129.964] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=17300) returned 1 [0129.965] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0129.965] ReadFile (in: hFile=0x21c, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x4394, lpOverlapped=0x0) returned 1 [0129.966] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x462aa0 [0129.967] ReadFile (in: hFile=0x21c, lpBuffer=0x462aa0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc93958, lpOverlapped=0x0 | out: lpBuffer=0x462aa0*, lpNumberOfBytesRead=0xc93958*=0x0, lpOverlapped=0x0) returned 1 [0129.967] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x43a0) returned 0x463ab0 [0129.967] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x43a0) returned 0x467e60 [0129.969] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x463ab0 | out: hHeap=0x430000) returned 1 [0129.971] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0129.972] WriteFile (in: hFile=0x21c, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0129.972] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0129.972] WriteFile (in: hFile=0x21c, lpBuffer=0x467e60*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x467e60*, lpNumberOfBytesWritten=0xc938c4*=0x4000, lpOverlapped=0x0) returned 1 [0129.974] WriteFile (in: hFile=0x21c, lpBuffer=0x462aa0*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x462aa0*, lpNumberOfBytesWritten=0xc93954*=0x4a0, lpOverlapped=0x0) returned 1 [0129.975] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462aa0 | out: hHeap=0x430000) returned 1 [0129.975] CloseHandle (hObject=0x21c) returned 1 [0130.147] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x467e60 | out: hHeap=0x430000) returned 1 [0130.148] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd1b1310, ftCreationTime.dwHighDateTime=0x1d927ee, ftLastAccessTime.dwLowDateTime=0xd1001880, ftLastAccessTime.dwHighDateTime=0x1d9353a, ftLastWriteTime.dwLowDateTime=0xd1001880, ftLastWriteTime.dwHighDateTime=0x1d9353a, nFileSizeHigh=0x0, nFileSizeLow=0x76b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="7fne DlNV.bmp", cAlternateFileName="7FNEDL~1.BMP")) returned 1 [0130.149] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.149] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.149] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.149] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7fne DlNV.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7fne dlnv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x234 [0130.150] GetFileType (hFile=0x234) returned 0x1 [0130.150] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=30385) returned 1 [0130.150] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=30385) returned 1 [0130.150] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0130.150] ReadFile (in: hFile=0x234, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0130.152] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x463020 [0130.154] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x468040 [0130.155] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x463020 | out: hHeap=0x430000) returned 1 [0130.155] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0130.156] WriteFile (in: hFile=0x234, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0130.156] SetFilePointerEx (in: hFile=0x234, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=30385) returned 1 [0130.156] WriteFile (in: hFile=0x234, lpBuffer=0x468040*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x468040*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0130.158] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x463020 [0130.158] WriteFile (in: hFile=0x234, lpBuffer=0x463020*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x463020*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0130.159] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x463020 | out: hHeap=0x430000) returned 1 [0130.159] CloseHandle (hObject=0x234) returned 1 [0130.295] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x468040 | out: hHeap=0x430000) returned 1 [0130.296] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48e701a0, ftCreationTime.dwHighDateTime=0x1d92c68, ftLastAccessTime.dwLowDateTime=0xbd8e0e80, ftLastAccessTime.dwHighDateTime=0x1d932ea, ftLastWriteTime.dwLowDateTime=0xbd8e0e80, ftLastWriteTime.dwHighDateTime=0x1d932ea, nFileSizeHigh=0x0, nFileSizeLow=0x17abd, dwReserved0=0x0, dwReserved1=0x0, cFileName="8zluCg7.png", cAlternateFileName="")) returned 1 [0130.296] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.296] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.296] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.296] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.296] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.296] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.297] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8zluCg7.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8zlucg7.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x24c [0130.297] GetFileType (hFile=0x24c) returned 0x1 [0130.297] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=96957) returned 1 [0130.297] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=96957) returned 1 [0130.298] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0130.299] ReadFile (in: hFile=0x24c, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0130.300] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x468020 [0130.301] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4730c0 [0130.303] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x468020 | out: hHeap=0x430000) returned 1 [0130.303] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0130.303] WriteFile (in: hFile=0x24c, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0130.304] SetFilePointerEx (in: hFile=0x24c, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=96957) returned 1 [0130.304] WriteFile (in: hFile=0x24c, lpBuffer=0x4730c0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4730c0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0130.305] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4780e0 [0130.306] WriteFile (in: hFile=0x24c, lpBuffer=0x4780e0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4780e0*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0130.306] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4780e0 | out: hHeap=0x430000) returned 1 [0130.306] CloseHandle (hObject=0x24c) returned 1 [0130.483] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4730c0 | out: hHeap=0x430000) returned 1 [0130.483] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af34350, ftCreationTime.dwHighDateTime=0x1d9324a, ftLastAccessTime.dwLowDateTime=0x45288130, ftLastAccessTime.dwHighDateTime=0x1d935b7, ftLastWriteTime.dwLowDateTime=0x45288130, ftLastWriteTime.dwHighDateTime=0x1d935b7, nFileSizeHigh=0x0, nFileSizeLow=0x1471d, dwReserved0=0x0, dwReserved1=0x0, cFileName="B9YZmfaSyzYcy.wav", cAlternateFileName="B9YZMF~1.WAV")) returned 1 [0130.483] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.483] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.483] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.483] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.484] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.484] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.484] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\B9YZmfaSyzYcy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\b9yzmfasyzycy.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c0 [0130.484] GetFileType (hFile=0x2c0) returned 0x1 [0130.484] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=83741) returned 1 [0130.485] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=83741) returned 1 [0130.485] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0130.485] ReadFile (in: hFile=0x2c0, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0130.488] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4730c0 [0130.488] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x48d0e0 [0130.490] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4730c0 | out: hHeap=0x430000) returned 1 [0130.490] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0130.490] WriteFile (in: hFile=0x2c0, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0130.491] SetFilePointerEx (in: hFile=0x2c0, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=83741) returned 1 [0130.491] WriteFile (in: hFile=0x2c0, lpBuffer=0x48d0e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x48d0e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0130.492] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x481c10 [0130.492] WriteFile (in: hFile=0x2c0, lpBuffer=0x481c10*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x481c10*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0130.493] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x481c10 | out: hHeap=0x430000) returned 1 [0130.493] CloseHandle (hObject=0x2c0) returned 1 [0130.640] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48d0e0 | out: hHeap=0x430000) returned 1 [0130.642] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbadca360, ftCreationTime.dwHighDateTime=0x1d93298, ftLastAccessTime.dwLowDateTime=0x2094890, ftLastAccessTime.dwHighDateTime=0x1d93557, ftLastWriteTime.dwLowDateTime=0x2094890, ftLastWriteTime.dwHighDateTime=0x1d93557, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg40Nk k8gAEKN", cAlternateFileName="BG40NK~1")) returned 1 [0130.643] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.643] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.643] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.643] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.643] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0130.643] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0130.643] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fdb0 [0130.644] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.644] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.644] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.644] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbadca360, ftCreationTime.dwHighDateTime=0x1d93298, ftLastAccessTime.dwLowDateTime=0x2094890, ftLastAccessTime.dwHighDateTime=0x1d93557, ftLastWriteTime.dwLowDateTime=0x2094890, ftLastWriteTime.dwHighDateTime=0x1d93557, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.644] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.644] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.645] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.645] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.645] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.645] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8a5020, ftCreationTime.dwHighDateTime=0x1d93135, ftLastAccessTime.dwLowDateTime=0xf0590700, ftLastAccessTime.dwHighDateTime=0x1d9313e, ftLastWriteTime.dwLowDateTime=0xf0590700, ftLastWriteTime.dwHighDateTime=0x1d9313e, nFileSizeHigh=0x0, nFileSizeLow=0x1310, dwReserved0=0x0, dwReserved1=0x0, cFileName="cWfz.ods", cAlternateFileName="")) returned 1 [0130.645] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.645] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.645] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.645] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.645] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0130.645] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0130.645] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\cWfz.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\cwfz.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0130.646] GetFileType (hFile=0x2e8) returned 0x1 [0130.646] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=4880) returned 1 [0130.646] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=4880) returned 1 [0130.646] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0130.646] ReadFile (in: hFile=0x2e8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x1310, lpOverlapped=0x0) returned 1 [0130.647] ReadFile (in: hFile=0x2e8, lpBuffer=0xc94630, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc94630*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0130.647] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1320) returned 0x4738b0 [0130.648] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1320) returned 0x474be0 [0130.648] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4738b0 | out: hHeap=0x430000) returned 1 [0130.648] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0130.649] WriteFile (in: hFile=0x2e8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0130.649] SetFilePointerEx (in: hFile=0x2e8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0130.650] WriteFile (in: hFile=0x2e8, lpBuffer=0x474be0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x474be0*, lpNumberOfBytesWritten=0xc92fd4*=0x1000, lpOverlapped=0x0) returned 1 [0130.650] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x491ff0 [0130.653] WriteFile (in: hFile=0x2e8, lpBuffer=0x491ff0*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x491ff0*, lpNumberOfBytesWritten=0xc93064*=0x420, lpOverlapped=0x0) returned 1 [0130.654] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x491ff0 | out: hHeap=0x430000) returned 1 [0130.654] CloseHandle (hObject=0x2e8) returned 1 [0131.745] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x474be0 | out: hHeap=0x430000) returned 1 [0131.745] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6060380, ftCreationTime.dwHighDateTime=0x1d935a3, ftLastAccessTime.dwLowDateTime=0xdf512100, ftLastAccessTime.dwHighDateTime=0x1d93606, ftLastWriteTime.dwLowDateTime=0xdf512100, ftLastWriteTime.dwHighDateTime=0x1d93606, nFileSizeHigh=0x0, nFileSizeLow=0x15a6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ESCJ7tJ.pps", cAlternateFileName="")) returned 1 [0131.746] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.746] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.746] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.746] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\ESCJ7tJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\escj7tj.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0131.746] GetFileType (hFile=0x2fc) returned 0x1 [0131.746] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=88683) returned 1 [0131.747] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=88683) returned 1 [0131.747] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.747] ReadFile (in: hFile=0x2fc, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0131.748] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4acf60 [0131.748] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4b1f80 [0131.750] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4acf60 | out: hHeap=0x430000) returned 1 [0131.750] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.750] WriteFile (in: hFile=0x2fc, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.751] SetFilePointerEx (in: hFile=0x2fc, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=88683) returned 1 [0131.751] WriteFile (in: hFile=0x2fc, lpBuffer=0x4b1f80*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4b1f80*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.752] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x494010 [0131.752] WriteFile (in: hFile=0x2fc, lpBuffer=0x494010*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x494010*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0131.753] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x494010 | out: hHeap=0x430000) returned 1 [0131.753] CloseHandle (hObject=0x2fc) returned 1 [0131.842] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b1f80 | out: hHeap=0x430000) returned 1 [0131.843] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3014c80, ftCreationTime.dwHighDateTime=0x1d92ae9, ftLastAccessTime.dwLowDateTime=0xb0ba17b0, ftLastAccessTime.dwHighDateTime=0x1d92ebe, ftLastWriteTime.dwLowDateTime=0xb0ba17b0, ftLastWriteTime.dwHighDateTime=0x1d92ebe, nFileSizeHigh=0x0, nFileSizeLow=0x43da, dwReserved0=0x0, dwReserved1=0x0, cFileName="hBWRR5BfsYn2.avi", cAlternateFileName="HBWRR5~1.AVI")) returned 1 [0131.843] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.843] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.843] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.844] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\hBWRR5BfsYn2.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\hbwrr5bfsyn2.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0131.845] GetFileType (hFile=0x310) returned 0x1 [0131.845] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=17370) returned 1 [0131.845] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=17370) returned 1 [0131.845] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.846] ReadFile (in: hFile=0x310, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x43da, lpOverlapped=0x0) returned 1 [0131.848] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x490fe0 [0131.848] ReadFile (in: hFile=0x310, lpBuffer=0x490fe0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc93068, lpOverlapped=0x0 | out: lpBuffer=0x490fe0*, lpNumberOfBytesRead=0xc93068*=0x0, lpOverlapped=0x0) returned 1 [0131.848] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x43e0) returned 0x4b02e0 [0131.848] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x43e0) returned 0x4bad00 [0131.850] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b02e0 | out: hHeap=0x430000) returned 1 [0131.850] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.850] WriteFile (in: hFile=0x310, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.851] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0131.851] WriteFile (in: hFile=0x310, lpBuffer=0x4bad00*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesWritten=0xc92fd4*=0x4000, lpOverlapped=0x0) returned 1 [0131.852] WriteFile (in: hFile=0x310, lpBuffer=0x490fe0*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x490fe0*, lpNumberOfBytesWritten=0xc93064*=0x4e0, lpOverlapped=0x0) returned 1 [0131.856] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x490fe0 | out: hHeap=0x430000) returned 1 [0131.856] CloseHandle (hObject=0x310) returned 1 [0131.866] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0131.866] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28160d20, ftCreationTime.dwHighDateTime=0x1d93359, ftLastAccessTime.dwLowDateTime=0xac69ba10, ftLastAccessTime.dwHighDateTime=0x1d935f5, ftLastWriteTime.dwLowDateTime=0xac69ba10, ftLastWriteTime.dwHighDateTime=0x1d935f5, nFileSizeHigh=0x0, nFileSizeLow=0x1727e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MEbNa.png", cAlternateFileName="")) returned 1 [0131.869] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.869] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.869] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.869] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.869] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.869] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.869] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\MEbNa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\mebna.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0131.869] GetFileType (hFile=0x310) returned 0x1 [0131.870] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=94846) returned 1 [0131.870] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=94846) returned 1 [0131.870] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.870] ReadFile (in: hFile=0x310, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0131.907] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4b02e0 [0131.908] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bf910 [0131.909] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b02e0 | out: hHeap=0x430000) returned 1 [0131.909] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.910] WriteFile (in: hFile=0x310, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.910] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=94846) returned 1 [0131.910] WriteFile (in: hFile=0x310, lpBuffer=0x4bf910*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bf910*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.911] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x490fe0 [0131.911] WriteFile (in: hFile=0x310, lpBuffer=0x490fe0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x490fe0*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0131.912] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x490fe0 | out: hHeap=0x430000) returned 1 [0131.912] CloseHandle (hObject=0x310) returned 1 [0131.936] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bf910 | out: hHeap=0x430000) returned 1 [0131.936] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6465c100, ftCreationTime.dwHighDateTime=0x1d9285d, ftLastAccessTime.dwLowDateTime=0xd73b0940, ftLastAccessTime.dwHighDateTime=0x1d932ff, ftLastWriteTime.dwLowDateTime=0xd73b0940, ftLastWriteTime.dwHighDateTime=0x1d932ff, nFileSizeHigh=0x0, nFileSizeLow=0x2077, dwReserved0=0x0, dwReserved1=0x0, cFileName="MQux2 vq81yYA.jpg", cAlternateFileName="MQUX2V~1.JPG")) returned 1 [0131.936] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.936] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.936] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.936] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.936] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.936] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.936] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\MQux2 vq81yYA.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\mqux2 vq81yya.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0131.937] GetFileType (hFile=0x310) returned 0x1 [0131.937] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=8311) returned 1 [0131.937] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=8311) returned 1 [0131.937] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.937] ReadFile (in: hFile=0x310, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x2077, lpOverlapped=0x0) returned 1 [0131.938] ReadFile (in: hFile=0x310, lpBuffer=0xc95397, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc95397*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0131.938] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2080) returned 0x4bad00 [0131.939] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2080) returned 0x4bcd90 [0131.939] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0131.939] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.939] WriteFile (in: hFile=0x310, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.940] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0131.940] WriteFile (in: hFile=0x310, lpBuffer=0x4bcd90*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bcd90*, lpNumberOfBytesWritten=0xc92fd4*=0x2000, lpOverlapped=0x0) returned 1 [0131.941] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x491ff0 [0131.941] WriteFile (in: hFile=0x310, lpBuffer=0x491ff0*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x491ff0*, lpNumberOfBytesWritten=0xc93064*=0x180, lpOverlapped=0x0) returned 1 [0131.942] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x491ff0 | out: hHeap=0x430000) returned 1 [0131.942] CloseHandle (hObject=0x310) returned 1 [0131.951] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bcd90 | out: hHeap=0x430000) returned 1 [0131.951] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93586100, ftCreationTime.dwHighDateTime=0x1d92cf6, ftLastAccessTime.dwLowDateTime=0x41424860, ftLastAccessTime.dwHighDateTime=0x1d934dd, ftLastWriteTime.dwLowDateTime=0x41424860, ftLastWriteTime.dwHighDateTime=0x1d934dd, nFileSizeHigh=0x0, nFileSizeLow=0x18161, dwReserved0=0x0, dwReserved1=0x0, cFileName="N QZTMIXjBIoZTX.png", cAlternateFileName="NQZTMI~1.PNG")) returned 1 [0131.951] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.952] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.952] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.952] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0131.952] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0131.952] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\N QZTMIXjBIoZTX.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\n qztmixjbioztx.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x310 [0131.952] GetFileType (hFile=0x310) returned 0x1 [0131.952] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=98657) returned 1 [0131.953] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=98657) returned 1 [0131.953] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.953] ReadFile (in: hFile=0x310, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0131.954] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bf910 [0131.954] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4b02e0 [0131.956] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bf910 | out: hHeap=0x430000) returned 1 [0131.956] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0131.956] WriteFile (in: hFile=0x310, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.957] SetFilePointerEx (in: hFile=0x310, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=98657) returned 1 [0131.957] WriteFile (in: hFile=0x310, lpBuffer=0x4b02e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4b02e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0131.958] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x48ffd0 [0131.958] WriteFile (in: hFile=0x310, lpBuffer=0x48ffd0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x48ffd0*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0131.959] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48ffd0 | out: hHeap=0x430000) returned 1 [0131.959] CloseHandle (hObject=0x310) returned 1 [0132.065] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b02e0 | out: hHeap=0x430000) returned 1 [0132.065] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x149525a0, ftCreationTime.dwHighDateTime=0x1d9286f, ftLastAccessTime.dwLowDateTime=0xa5b23f90, ftLastAccessTime.dwHighDateTime=0x1d92e1a, ftLastWriteTime.dwLowDateTime=0xa5b23f90, ftLastWriteTime.dwHighDateTime=0x1d92e1a, nFileSizeHigh=0x0, nFileSizeLow=0x1072c, dwReserved0=0x0, dwReserved1=0x0, cFileName="O9JzJbgS7Mb5w.csv", cAlternateFileName="O9JZJB~1.CSV")) returned 1 [0132.065] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.065] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.065] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.065] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.065] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.065] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.065] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\O9JzJbgS7Mb5w.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\o9jzjbgs7mb5w.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.066] GetFileType (hFile=0x314) returned 0x1 [0132.066] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=67372) returned 1 [0132.066] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=67372) returned 1 [0132.066] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0132.066] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x1072c) returned 0x4bad00 [0132.068] ReadFile (in: hFile=0x314, lpBuffer=0x4bad00, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesRead=0xc9d208*=0x10000, lpOverlapped=0x0) returned 1 [0132.069] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x48ffd0 [0132.069] ReadFile (in: hFile=0x314, lpBuffer=0x48ffd0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x48ffd0*, lpNumberOfBytesRead=0xc9d198*=0x72c, lpOverlapped=0x0) returned 1 [0132.070] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x10730) returned 0x4cb440 [0132.072] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x10730) returned 0x4dbb80 [0132.077] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4cb440 | out: hHeap=0x430000) returned 1 [0132.078] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0132.078] WriteFile (in: hFile=0x314, lpBuffer=0x48ffd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x48ffd0*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0132.078] WriteFile (in: hFile=0x314, lpBuffer=0x4dc822*, nNumberOfBytesToWrite=0xf000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x4dc822*, lpNumberOfBytesWritten=0xc9d104*=0xf000, lpOverlapped=0x0) returned 1 [0132.079] WriteFile (in: hFile=0x314, lpBuffer=0x48ffd0*, nNumberOfBytesToWrite=0xb8e, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x48ffd0*, lpNumberOfBytesWritten=0xc9d194*=0xb8e, lpOverlapped=0x0) returned 1 [0132.080] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48ffd0 | out: hHeap=0x430000) returned 1 [0132.080] CloseHandle (hObject=0x314) returned 1 [0132.164] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0132.169] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4dbb80 | out: hHeap=0x430000) returned 1 [0132.171] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cd88590, ftCreationTime.dwHighDateTime=0x1d92e9c, ftLastAccessTime.dwLowDateTime=0xddf342d0, ftLastAccessTime.dwHighDateTime=0x1d931e1, ftLastWriteTime.dwLowDateTime=0xddf342d0, ftLastWriteTime.dwHighDateTime=0x1d931e1, nFileSizeHigh=0x0, nFileSizeLow=0x7c6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tkmuw2oxS7Skgbs.avi", cAlternateFileName="TKMUW2~1.AVI")) returned 1 [0132.171] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.171] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.171] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.171] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.171] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.171] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.172] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\Tkmuw2oxS7Skgbs.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\tkmuw2oxs7skgbs.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.172] GetFileType (hFile=0x314) returned 0x1 [0132.172] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=31854) returned 1 [0132.172] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=31854) returned 1 [0132.172] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.172] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0132.174] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4b0b00 [0132.174] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bad00 [0132.177] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b0b00 | out: hHeap=0x430000) returned 1 [0132.177] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.177] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.177] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=31854) returned 1 [0132.178] WriteFile (in: hFile=0x314, lpBuffer=0x4bad00*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.178] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x48cfa0 [0132.179] WriteFile (in: hFile=0x314, lpBuffer=0x48cfa0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x48cfa0*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0132.179] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cfa0 | out: hHeap=0x430000) returned 1 [0132.179] CloseHandle (hObject=0x314) returned 1 [0132.212] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0132.212] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e00bda0, ftCreationTime.dwHighDateTime=0x1d93372, ftLastAccessTime.dwLowDateTime=0x7904c240, ftLastAccessTime.dwHighDateTime=0x1d933c1, ftLastWriteTime.dwLowDateTime=0x7904c240, ftLastWriteTime.dwHighDateTime=0x1d933c1, nFileSizeHigh=0x0, nFileSizeLow=0x15875, dwReserved0=0x0, dwReserved1=0x0, cFileName="W2krG8rPbXHhq WhYNIP.wav", cAlternateFileName="W2KRG8~1.WAV")) returned 1 [0132.212] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.212] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.212] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.212] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.212] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.212] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.213] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\W2krG8rPbXHhq WhYNIP.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\w2krg8rpbxhhq whynip.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.213] GetFileType (hFile=0x314) returned 0x1 [0132.213] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=88181) returned 1 [0132.213] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=88181) returned 1 [0132.213] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.213] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0132.215] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4b0670 [0132.215] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bad00 [0132.215] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b0670 | out: hHeap=0x430000) returned 1 [0132.216] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.216] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.216] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=88181) returned 1 [0132.216] WriteFile (in: hFile=0x314, lpBuffer=0x4bad00*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.217] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x48dfb0 [0132.217] WriteFile (in: hFile=0x314, lpBuffer=0x48dfb0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x48dfb0*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0132.218] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48dfb0 | out: hHeap=0x430000) returned 1 [0132.218] CloseHandle (hObject=0x314) returned 1 [0132.337] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0132.339] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.339] GetLastError () returned 0x12 [0132.339] GetLastError () returned 0x12 [0132.339] SetLastError (dwErrCode=0x12) [0132.339] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0132.339] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27af0680, ftCreationTime.dwHighDateTime=0x1d947a8, ftLastAccessTime.dwLowDateTime=0x27af0680, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x1e74f400, ftLastWriteTime.dwHighDateTime=0x1d942e7, nFileSizeHigh=0x0, nFileSizeLow=0x1daa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bucbja.dll", cAlternateFileName="")) returned 1 [0132.339] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.339] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.340] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.340] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.340] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.340] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.340] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0132.340] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.340] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.340] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.340] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.340] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.340] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.341] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0132.341] GetFileType (hFile=0x2e4) returned 0x1 [0132.341] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=282) returned 1 [0132.341] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=282) returned 1 [0132.341] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0132.341] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x11a, lpOverlapped=0x0) returned 1 [0132.343] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93d2a, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93d2a*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0132.343] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x120) returned 0x46c1d0 [0132.343] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x120) returned 0x477f10 [0132.343] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x46c1d0 | out: hHeap=0x430000) returned 1 [0132.344] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0132.344] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0132.346] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0132.346] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0132.347] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x220, lpOverlapped=0x0) returned 1 [0132.347] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0132.347] CloseHandle (hObject=0x2e4) returned 1 [0132.350] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x477f10 | out: hHeap=0x430000) returned 1 [0132.350] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x551fc240, ftCreationTime.dwHighDateTime=0x1d92c54, ftLastAccessTime.dwLowDateTime=0x1fa268b0, ftLastAccessTime.dwHighDateTime=0x1d92db8, ftLastWriteTime.dwLowDateTime=0x1fa268b0, ftLastWriteTime.dwHighDateTime=0x1d92db8, nFileSizeHigh=0x0, nFileSizeLow=0x27a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="fcJkgUpdA60JQ 5.m4a", cAlternateFileName="FCJKGU~1.M4A")) returned 1 [0132.350] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.350] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.350] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.350] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.350] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.350] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.351] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\fcJkgUpdA60JQ 5.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcjkgupda60jq 5.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0132.351] GetFileType (hFile=0x2e4) returned 0x1 [0132.351] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=10150) returned 1 [0132.351] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=10150) returned 1 [0132.353] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0132.353] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x27a6, lpOverlapped=0x0) returned 1 [0132.354] ReadFile (in: hFile=0x2e4, lpBuffer=0xc963b6, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc963b6*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0132.354] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x27b0) returned 0x4b0670 [0132.355] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x27b0) returned 0x4b2e30 [0132.356] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b0670 | out: hHeap=0x430000) returned 1 [0132.356] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0132.356] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0132.357] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0132.357] WriteFile (in: hFile=0x2e4, lpBuffer=0x4b2e30*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4b2e30*, lpNumberOfBytesWritten=0xc938c4*=0x2000, lpOverlapped=0x0) returned 1 [0132.357] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0132.358] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x8b0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x8b0, lpOverlapped=0x0) returned 1 [0132.358] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0132.358] CloseHandle (hObject=0x2e4) returned 1 [0132.361] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b2e30 | out: hHeap=0x430000) returned 1 [0132.361] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45a076f0, ftCreationTime.dwHighDateTime=0x1d92b5c, ftLastAccessTime.dwLowDateTime=0xfc8fd640, ftLastAccessTime.dwHighDateTime=0x1d92b60, ftLastWriteTime.dwLowDateTime=0xfc8fd640, ftLastWriteTime.dwHighDateTime=0x1d92b60, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FcM3HJ3zl6", cAlternateFileName="FCM3HJ~1")) returned 1 [0132.361] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.361] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.361] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.361] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.361] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0132.361] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0132.362] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x4393e0 [0132.362] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.362] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.362] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.362] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.362] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.362] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.362] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45a076f0, ftCreationTime.dwHighDateTime=0x1d92b5c, ftLastAccessTime.dwLowDateTime=0xfc8fd640, ftLastAccessTime.dwHighDateTime=0x1d92b60, ftLastWriteTime.dwLowDateTime=0xfc8fd640, ftLastWriteTime.dwHighDateTime=0x1d92b60, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.363] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.363] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.363] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.363] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.363] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.363] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.363] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29084ed0, ftCreationTime.dwHighDateTime=0x1d93379, ftLastAccessTime.dwLowDateTime=0x49ddc910, ftLastAccessTime.dwHighDateTime=0x1d935fd, ftLastWriteTime.dwLowDateTime=0x49ddc910, ftLastWriteTime.dwHighDateTime=0x1d935fd, nFileSizeHigh=0x0, nFileSizeLow=0x96df, dwReserved0=0x0, dwReserved1=0x0, cFileName="-LrxdLy.mkv", cAlternateFileName="")) returned 1 [0132.363] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.363] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.363] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.363] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.363] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.363] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.364] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\-LrxdLy.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\-lrxdly.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.364] GetFileType (hFile=0x314) returned 0x1 [0132.364] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=38623) returned 1 [0132.364] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=38623) returned 1 [0132.364] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.364] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0132.478] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4b0670 [0132.478] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bad00 [0132.482] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b0670 | out: hHeap=0x430000) returned 1 [0132.482] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.482] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.483] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=38623) returned 1 [0132.483] WriteFile (in: hFile=0x314, lpBuffer=0x4bad00*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.484] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x48cfa0 [0132.484] WriteFile (in: hFile=0x314, lpBuffer=0x48cfa0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x48cfa0*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0132.485] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cfa0 | out: hHeap=0x430000) returned 1 [0132.485] CloseHandle (hObject=0x314) returned 1 [0132.712] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0132.804] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72e30d10, ftCreationTime.dwHighDateTime=0x1d934c3, ftLastAccessTime.dwLowDateTime=0xb52d2ac0, ftLastAccessTime.dwHighDateTime=0x1d934c8, ftLastWriteTime.dwLowDateTime=0xb52d2ac0, ftLastWriteTime.dwHighDateTime=0x1d934c8, nFileSizeHigh=0x0, nFileSizeLow=0x106d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="7qhpz8_JHXZdpvy.jpg", cAlternateFileName="7QHPZ8~1.JPG")) returned 1 [0132.804] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.804] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.804] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.805] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\7qhpz8_JHXZdpvy.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\7qhpz8_jhxzdpvy.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.805] GetFileType (hFile=0x314) returned 0x1 [0132.805] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=67287) returned 1 [0132.806] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=67287) returned 1 [0132.806] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.806] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0132.807] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0132.808] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4e21e0 [0132.810] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0132.810] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.810] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.811] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=67287) returned 1 [0132.811] WriteFile (in: hFile=0x314, lpBuffer=0x4e21e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4e21e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.812] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0132.812] WriteFile (in: hFile=0x314, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0132.813] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0132.813] CloseHandle (hObject=0x314) returned 1 [0132.818] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4e21e0 | out: hHeap=0x430000) returned 1 [0132.818] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33261ad0, ftCreationTime.dwHighDateTime=0x1d92845, ftLastAccessTime.dwLowDateTime=0x3d24cad0, ftLastAccessTime.dwHighDateTime=0x1d929ae, ftLastWriteTime.dwLowDateTime=0x3d24cad0, ftLastWriteTime.dwHighDateTime=0x1d929ae, nFileSizeHigh=0x0, nFileSizeLow=0x9a1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="bqN93ZeE_VWClGu7lT88.xlsx", cAlternateFileName="BQN93Z~1.XLS")) returned 1 [0132.818] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.818] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.818] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.818] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.818] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.818] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.819] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\bqN93ZeE_VWClGu7lT88.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\bqn93zee_vwclgu7lt88.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.819] GetFileType (hFile=0x314) returned 0x1 [0132.819] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=39453) returned 1 [0132.819] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=39453) returned 1 [0132.819] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0132.819] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x9a1d) returned 0x15a47b0 [0132.824] ReadFile (in: hFile=0x314, lpBuffer=0x15a47b0, nNumberOfBytesToRead=0x9000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x15a47b0*, lpNumberOfBytesRead=0xc9d208*=0x9000, lpOverlapped=0x0) returned 1 [0132.825] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0132.825] ReadFile (in: hFile=0x314, lpBuffer=0x4d9290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesRead=0xc9d198*=0xa1d, lpOverlapped=0x0) returned 1 [0132.826] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x9a20) returned 0x4bad00 [0132.826] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x9a20) returned 0x4c4730 [0132.828] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0132.829] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0132.829] WriteFile (in: hFile=0x314, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0132.829] WriteFile (in: hFile=0x314, lpBuffer=0x4c53d2*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x4c53d2*, lpNumberOfBytesWritten=0xc9d104*=0x8000, lpOverlapped=0x0) returned 1 [0132.830] WriteFile (in: hFile=0x314, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0xe7e, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc9d194*=0xe7e, lpOverlapped=0x0) returned 1 [0132.831] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0132.831] CloseHandle (hObject=0x314) returned 1 [0132.835] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15a47b0 | out: hHeap=0x430000) returned 1 [0132.835] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c4730 | out: hHeap=0x430000) returned 1 [0132.842] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7c45970, ftCreationTime.dwHighDateTime=0x1d92c4e, ftLastAccessTime.dwLowDateTime=0x4949360, ftLastAccessTime.dwHighDateTime=0x1d9340f, ftLastWriteTime.dwLowDateTime=0x4949360, ftLastWriteTime.dwHighDateTime=0x1d9340f, nFileSizeHigh=0x0, nFileSizeLow=0xdc3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eis9xSD3cZ.swf", cAlternateFileName="EIS9XS~1.SWF")) returned 1 [0132.842] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.842] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.842] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.842] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.842] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0132.842] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0132.843] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\Eis9xSD3cZ.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\eis9xsd3cz.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0132.843] GetFileType (hFile=0x314) returned 0x1 [0132.843] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=56381) returned 1 [0132.843] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=56381) returned 1 [0132.843] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.843] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0132.910] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0132.911] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x518280 [0132.913] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0132.913] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0132.914] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.915] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=56381) returned 1 [0132.915] WriteFile (in: hFile=0x314, lpBuffer=0x518280*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x518280*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0132.916] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0132.916] WriteFile (in: hFile=0x314, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0132.917] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0132.917] CloseHandle (hObject=0x314) returned 1 [0133.016] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0133.016] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab1dccd0, ftCreationTime.dwHighDateTime=0x1d932fa, ftLastAccessTime.dwLowDateTime=0x6f26b430, ftLastAccessTime.dwHighDateTime=0x1d9357a, ftLastWriteTime.dwLowDateTime=0x6f26b430, ftLastWriteTime.dwHighDateTime=0x1d9357a, nFileSizeHigh=0x0, nFileSizeLow=0xcde, dwReserved0=0x0, dwReserved1=0x0, cFileName="GaQ1TU-ns4-u6B3Pj_F.swf", cAlternateFileName="GAQ1TU~1.SWF")) returned 1 [0133.016] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.016] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.016] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.016] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.016] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.016] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.017] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\GaQ1TU-ns4-u6B3Pj_F.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\gaq1tu-ns4-u6b3pj_f.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0133.017] GetFileType (hFile=0x314) returned 0x1 [0133.017] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=3294) returned 1 [0133.017] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=3294) returned 1 [0133.017] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.018] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0xcde, lpOverlapped=0x0) returned 1 [0133.019] ReadFile (in: hFile=0x314, lpBuffer=0xc93ffe, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93ffe*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0133.019] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xce0) returned 0x15bccc0 [0133.019] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xce0) returned 0x15b58c0 [0133.020] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bccc0 | out: hHeap=0x430000) returned 1 [0133.020] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.020] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.021] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0133.021] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0133.021] WriteFile (in: hFile=0x314, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93064*=0xde0, lpOverlapped=0x0) returned 1 [0133.022] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0133.022] CloseHandle (hObject=0x314) returned 1 [0133.104] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0133.104] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8eb1f40, ftCreationTime.dwHighDateTime=0x1d9276a, ftLastAccessTime.dwLowDateTime=0x4c3e4340, ftLastAccessTime.dwHighDateTime=0x1d934c9, ftLastWriteTime.dwLowDateTime=0x4c3e4340, ftLastWriteTime.dwHighDateTime=0x1d934c9, nFileSizeHigh=0x0, nFileSizeLow=0x15332, dwReserved0=0x0, dwReserved1=0x0, cFileName="kQdD.rtf", cAlternateFileName="")) returned 1 [0133.104] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.104] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.104] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.104] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.105] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.105] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.105] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\kQdD.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\kqdd.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0133.106] GetFileType (hFile=0x314) returned 0x1 [0133.106] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=86834) returned 1 [0133.106] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=86834) returned 1 [0133.107] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.107] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0133.110] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0133.110] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x518280 [0133.112] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0133.112] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.112] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.113] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=86834) returned 1 [0133.113] WriteFile (in: hFile=0x314, lpBuffer=0x518280*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x518280*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.115] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0133.115] WriteFile (in: hFile=0x314, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0133.116] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0133.116] CloseHandle (hObject=0x314) returned 1 [0133.204] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0133.204] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc04f0390, ftCreationTime.dwHighDateTime=0x1d92a34, ftLastAccessTime.dwLowDateTime=0x55a7e770, ftLastAccessTime.dwHighDateTime=0x1d932ca, ftLastWriteTime.dwLowDateTime=0x55a7e770, ftLastWriteTime.dwHighDateTime=0x1d932ca, nFileSizeHigh=0x0, nFileSizeLow=0x120b, dwReserved0=0x0, dwReserved1=0x0, cFileName="nq8ktm1kT2WY3NIUwi.jpg", cAlternateFileName="NQ8KTM~1.JPG")) returned 1 [0133.204] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.205] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.205] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.205] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.205] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.205] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.205] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\nq8ktm1kT2WY3NIUwi.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\nq8ktm1kt2wy3niuwi.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0133.205] GetFileType (hFile=0x314) returned 0x1 [0133.205] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=4619) returned 1 [0133.205] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=4619) returned 1 [0133.206] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.206] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x120b, lpOverlapped=0x0) returned 1 [0133.207] ReadFile (in: hFile=0x314, lpBuffer=0xc9452b, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc9452b*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0133.207] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1210) returned 0x15ddce0 [0133.207] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1210) returned 0x15b58c0 [0133.207] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0133.207] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.207] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.208] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0133.208] WriteFile (in: hFile=0x314, lpBuffer=0x15b58c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15b58c0*, lpNumberOfBytesWritten=0xc92fd4*=0x1000, lpOverlapped=0x0) returned 1 [0133.208] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0133.208] WriteFile (in: hFile=0x314, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x310, lpOverlapped=0x0) returned 1 [0133.209] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0133.209] CloseHandle (hObject=0x314) returned 1 [0133.526] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0133.526] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x391a5680, ftCreationTime.dwHighDateTime=0x1d931fb, ftLastAccessTime.dwLowDateTime=0xdda41330, ftLastAccessTime.dwHighDateTime=0x1d93417, ftLastWriteTime.dwLowDateTime=0xdda41330, ftLastWriteTime.dwHighDateTime=0x1d93417, nFileSizeHigh=0x0, nFileSizeLow=0x3448, dwReserved0=0x0, dwReserved1=0x0, cFileName="x5oeGxuFd3ZTD.jpg", cAlternateFileName="X5OEGX~1.JPG")) returned 1 [0133.526] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.526] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.526] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.526] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.526] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.526] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.527] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\x5oeGxuFd3ZTD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\x5oegxufd3ztd.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0133.527] GetFileType (hFile=0x314) returned 0x1 [0133.527] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=13384) returned 1 [0133.527] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=13384) returned 1 [0133.527] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.527] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x3448, lpOverlapped=0x0) returned 1 [0133.529] ReadFile (in: hFile=0x314, lpBuffer=0xc96768, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc96768*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0133.529] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3450) returned 0x4bad00 [0133.529] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3450) returned 0x526720 [0133.530] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0133.530] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.531] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.531] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0133.531] WriteFile (in: hFile=0x314, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc92fd4*=0x3000, lpOverlapped=0x0) returned 1 [0133.531] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0133.532] WriteFile (in: hFile=0x314, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x550, lpOverlapped=0x0) returned 1 [0133.532] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0133.532] CloseHandle (hObject=0x314) returned 1 [0133.595] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0133.595] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x386894a0, ftCreationTime.dwHighDateTime=0x1d93038, ftLastAccessTime.dwLowDateTime=0xcd2764c0, ftLastAccessTime.dwHighDateTime=0x1d933d2, ftLastWriteTime.dwLowDateTime=0xcd2764c0, ftLastWriteTime.dwHighDateTime=0x1d933d2, nFileSizeHigh=0x0, nFileSizeLow=0x9453, dwReserved0=0x0, dwReserved1=0x0, cFileName="xKw XH2hna1hjh-.bmp", cAlternateFileName="XKWXH2~1.BMP")) returned 1 [0133.595] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.595] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.595] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.595] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.595] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0133.595] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0133.595] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\xKw XH2hna1hjh-.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\xkw xh2hna1hjh-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0133.596] GetFileType (hFile=0x314) returned 0x1 [0133.596] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=37971) returned 1 [0133.596] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=37971) returned 1 [0133.596] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.596] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0133.598] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0133.599] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0133.601] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0133.601] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0133.602] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.603] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=37971) returned 1 [0133.603] WriteFile (in: hFile=0x314, lpBuffer=0x4bfd40*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4bfd40*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0133.604] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0133.604] WriteFile (in: hFile=0x314, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0133.605] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0133.605] CloseHandle (hObject=0x314) returned 1 [0133.712] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0133.712] FindNextFileW (in: hFindFile=0x4393e0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0133.712] GetLastError () returned 0x12 [0133.712] GetLastError () returned 0x12 [0133.712] SetLastError (dwErrCode=0x12) [0133.712] FindClose (in: hFindFile=0x4393e0 | out: hFindFile=0x4393e0) returned 1 [0133.712] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a930, ftCreationTime.dwHighDateTime=0x1d934ad, ftLastAccessTime.dwLowDateTime=0x6274c300, ftLastAccessTime.dwHighDateTime=0x1d9352d, ftLastWriteTime.dwLowDateTime=0x6274c300, ftLastWriteTime.dwHighDateTime=0x1d9352d, nFileSizeHigh=0x0, nFileSizeLow=0xf530, dwReserved0=0x0, dwReserved1=0x0, cFileName="FhFI_-.mkv", cAlternateFileName="")) returned 1 [0133.712] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0133.712] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0133.713] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0133.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0133.713] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0133.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0133.713] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FhFI_-.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fhfi_-.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0133.713] GetFileType (hFile=0x2e4) returned 0x1 [0133.713] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=62768) returned 1 [0133.713] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=62768) returned 1 [0133.713] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0133.714] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0133.715] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0133.715] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0133.716] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0133.716] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0133.716] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0133.716] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=62768) returned 1 [0133.716] WriteFile (in: hFile=0x2e4, lpBuffer=0x4bfd40*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4bfd40*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0133.717] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0133.717] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0133.718] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0133.718] CloseHandle (hObject=0x2e4) returned 1 [0133.788] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0133.788] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39422ae0, ftCreationTime.dwHighDateTime=0x1d92ebb, ftLastAccessTime.dwLowDateTime=0x894d02c0, ftLastAccessTime.dwHighDateTime=0x1d933d0, ftLastWriteTime.dwLowDateTime=0x894d02c0, ftLastWriteTime.dwHighDateTime=0x1d933d0, nFileSizeHigh=0x0, nFileSizeLow=0xdf3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="HRe28UwE020sVBMZQXSM.wav", cAlternateFileName="HRE28U~1.WAV")) returned 1 [0133.788] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0133.788] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0133.788] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0133.788] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0133.788] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0133.788] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0133.789] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HRe28UwE020sVBMZQXSM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hre28uwe020svbmzqxsm.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0133.789] GetFileType (hFile=0x2e4) returned 0x1 [0133.908] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=57147) returned 1 [0133.909] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=57147) returned 1 [0133.909] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0133.909] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0133.911] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0133.911] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0133.912] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0133.912] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0133.912] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0133.913] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=57147) returned 1 [0133.913] WriteFile (in: hFile=0x2e4, lpBuffer=0x4bfd40*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4bfd40*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0133.916] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0133.916] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0133.917] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0133.917] CloseHandle (hObject=0x2e4) returned 1 [0134.211] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0134.213] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb78db5e0, ftCreationTime.dwHighDateTime=0x1d9312c, ftLastAccessTime.dwLowDateTime=0x39c93d60, ftLastAccessTime.dwHighDateTime=0x1d9336a, ftLastWriteTime.dwLowDateTime=0x39c93d60, ftLastWriteTime.dwHighDateTime=0x1d9336a, nFileSizeHigh=0x0, nFileSizeLow=0x15e63, dwReserved0=0x0, dwReserved1=0x0, cFileName="ietUiQ4ShEt 5.docx", cAlternateFileName="IETUIQ~1.DOC")) returned 1 [0134.213] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0134.213] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0134.213] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0134.214] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0134.214] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0134.214] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0134.214] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ietUiQ4ShEt 5.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ietuiq4shet 5.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0134.214] GetFileType (hFile=0x2e4) returned 0x1 [0134.214] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=89699) returned 1 [0134.214] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=89699) returned 1 [0134.215] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0134.215] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x15e63) returned 0x48cf50 [0134.217] ReadFile (in: hFile=0x2e4, lpBuffer=0x48cf50, nNumberOfBytesToRead=0x15000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x48cf50*, lpNumberOfBytesRead=0xc9daf8*=0x15000, lpOverlapped=0x0) returned 1 [0134.219] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0134.219] ReadFile (in: hFile=0x2e4, lpBuffer=0x484c40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesRead=0xc9da88*=0xe63, lpOverlapped=0x0) returned 1 [0134.219] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x15e70) returned 0x4e21e0 [0134.221] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x15e70) returned 0x4f8060 [0134.225] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4e21e0 | out: hHeap=0x430000) returned 1 [0134.225] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0134.225] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0134.226] WriteFile (in: hFile=0x2e4, lpBuffer=0x4f8d02*, nNumberOfBytesToWrite=0x15000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x4f8d02*, lpNumberOfBytesWritten=0xc9d9f4*=0x15000, lpOverlapped=0x0) returned 1 [0134.226] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x2ce, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc9da84*=0x2ce, lpOverlapped=0x0) returned 1 [0134.227] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0134.227] CloseHandle (hObject=0x2e4) returned 1 [0135.298] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0135.302] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4f8060 | out: hHeap=0x430000) returned 1 [0135.303] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28479d00, ftCreationTime.dwHighDateTime=0x1d947a8, ftLastAccessTime.dwLowDateTime=0x354d9780, ftLastAccessTime.dwHighDateTime=0x1d9477a, ftLastWriteTime.dwLowDateTime=0x6815be80, ftLastWriteTime.dwHighDateTime=0x1d93533, nFileSizeHigh=0x0, nFileSizeLow=0x21400, dwReserved0=0x0, dwReserved1=0x0, cFileName="JHaFdvIr.exe", cAlternateFileName="")) returned 1 [0135.304] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0135.304] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0135.304] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0135.304] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0135.304] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0135.304] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0135.304] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37dc55e0, ftCreationTime.dwHighDateTime=0x1d92a74, ftLastAccessTime.dwLowDateTime=0xdfd23c30, ftLastAccessTime.dwHighDateTime=0x1d93477, ftLastWriteTime.dwLowDateTime=0xdfd23c30, ftLastWriteTime.dwHighDateTime=0x1d93477, nFileSizeHigh=0x0, nFileSizeLow=0x9ddf, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmOoaS6u8M9cmhXt.avi", cAlternateFileName="JMOOAS~1.AVI")) returned 1 [0135.304] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0135.304] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0135.304] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0135.304] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0135.304] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0135.304] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0135.309] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JmOoaS6u8M9cmhXt.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jmooas6u8m9cmhxt.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0135.309] GetFileType (hFile=0x2e4) returned 0x1 [0135.309] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=40415) returned 1 [0135.309] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=40415) returned 1 [0135.309] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0135.309] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0135.311] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0135.311] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0135.313] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0135.313] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0135.313] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0135.313] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=40415) returned 1 [0135.313] WriteFile (in: hFile=0x2e4, lpBuffer=0x4bfd40*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4bfd40*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0135.314] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0135.314] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0135.315] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0135.315] CloseHandle (hObject=0x2e4) returned 1 [0135.972] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0136.031] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6ff3e90, ftCreationTime.dwHighDateTime=0x1d92b1e, ftLastAccessTime.dwLowDateTime=0x9cfd23e0, ftLastAccessTime.dwHighDateTime=0x1d932c2, ftLastWriteTime.dwLowDateTime=0x9cfd23e0, ftLastWriteTime.dwHighDateTime=0x1d932c2, nFileSizeHigh=0x0, nFileSizeLow=0x2366, dwReserved0=0x0, dwReserved1=0x0, cFileName="L27gnkwUaPU.wav", cAlternateFileName="L27GNK~1.WAV")) returned 1 [0136.031] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.031] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.031] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.031] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.031] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.031] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.031] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\L27gnkwUaPU.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\l27gnkwuapu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0136.032] GetFileType (hFile=0x2e4) returned 0x1 [0136.032] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=9062) returned 1 [0136.032] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=9062) returned 1 [0136.032] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0136.032] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x2366, lpOverlapped=0x0) returned 1 [0136.035] ReadFile (in: hFile=0x2e4, lpBuffer=0xc95f76, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc95f76*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0136.035] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2370) returned 0x15af750 [0136.035] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2370) returned 0x4bad00 [0136.036] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0136.037] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0136.037] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0136.038] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0136.038] WriteFile (in: hFile=0x2e4, lpBuffer=0x4bad00*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesWritten=0xc938c4*=0x2000, lpOverlapped=0x0) returned 1 [0136.038] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0136.038] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x470, lpOverlapped=0x0) returned 1 [0136.039] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0136.040] CloseHandle (hObject=0x2e4) returned 1 [0136.042] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0136.042] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c5aae70, ftCreationTime.dwHighDateTime=0x1d92b5f, ftLastAccessTime.dwLowDateTime=0xe4bf5fc0, ftLastAccessTime.dwHighDateTime=0x1d93206, ftLastWriteTime.dwLowDateTime=0xe4bf5fc0, ftLastWriteTime.dwHighDateTime=0x1d93206, nFileSizeHigh=0x0, nFileSizeLow=0x18e9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="LWOpNwhoWf-tD6clCMOy.flv", cAlternateFileName="LWOPNW~1.FLV")) returned 1 [0136.042] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.042] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.043] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.043] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.043] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.043] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.043] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LWOpNwhoWf-tD6clCMOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lwopnwhowf-td6clcmoy.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0136.043] GetFileType (hFile=0x2e4) returned 0x1 [0136.043] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=102047) returned 1 [0136.044] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=102047) returned 1 [0136.044] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0136.044] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0136.045] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0136.045] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x51c290 [0136.047] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0136.047] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0136.047] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0136.047] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=102047) returned 1 [0136.048] WriteFile (in: hFile=0x2e4, lpBuffer=0x51c290*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x51c290*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0136.048] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0136.048] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0136.049] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0136.049] CloseHandle (hObject=0x2e4) returned 1 [0136.053] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x51c290 | out: hHeap=0x430000) returned 1 [0136.054] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x513ff7d0, ftCreationTime.dwHighDateTime=0x1d9332a, ftLastAccessTime.dwLowDateTime=0xcc035bc0, ftLastAccessTime.dwHighDateTime=0x1d935c2, ftLastWriteTime.dwLowDateTime=0xcc035bc0, ftLastWriteTime.dwHighDateTime=0x1d935c2, nFileSizeHigh=0x0, nFileSizeLow=0x158bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="NwY6hKuwxHg.doc", cAlternateFileName="NWY6HK~1.DOC")) returned 1 [0136.054] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.054] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.054] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.054] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.054] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.054] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.054] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NwY6hKuwxHg.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nwy6hkuwxhg.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0136.054] GetFileType (hFile=0x2e4) returned 0x1 [0136.055] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=88252) returned 1 [0136.055] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=88252) returned 1 [0136.055] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0136.055] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x158bc) returned 0x48cf50 [0136.178] ReadFile (in: hFile=0x2e4, lpBuffer=0x48cf50, nNumberOfBytesToRead=0x15000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x48cf50*, lpNumberOfBytesRead=0xc9daf8*=0x15000, lpOverlapped=0x0) returned 1 [0136.180] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0136.180] ReadFile (in: hFile=0x2e4, lpBuffer=0x484c40, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesRead=0xc9da88*=0x8bc, lpOverlapped=0x0) returned 1 [0136.180] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x158c0) returned 0x1580080 [0136.182] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x158c0) returned 0x15ddce0 [0136.186] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x1580080 | out: hHeap=0x430000) returned 1 [0136.187] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0136.187] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0136.188] WriteFile (in: hFile=0x2e4, lpBuffer=0x15de982*, nNumberOfBytesToWrite=0x14000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x15de982*, lpNumberOfBytesWritten=0xc9d9f4*=0x14000, lpOverlapped=0x0) returned 1 [0136.188] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0xd1e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc9da84*=0xd1e, lpOverlapped=0x0) returned 1 [0136.189] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0136.189] CloseHandle (hObject=0x2e4) returned 1 [0136.774] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0136.778] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0136.779] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dd306f0, ftCreationTime.dwHighDateTime=0x1d92fdb, ftLastAccessTime.dwLowDateTime=0xd61680, ftLastAccessTime.dwHighDateTime=0x1d93177, ftLastWriteTime.dwLowDateTime=0xd61680, ftLastWriteTime.dwHighDateTime=0x1d93177, nFileSizeHigh=0x0, nFileSizeLow=0x7541, dwReserved0=0x0, dwReserved1=0x0, cFileName="ohl0ID R665MlqcWPnkd.jpg", cAlternateFileName="OHL0ID~1.JPG")) returned 1 [0136.779] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.779] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.779] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.779] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.779] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0136.780] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0136.780] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ohl0ID R665MlqcWPnkd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ohl0id r665mlqcwpnkd.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0136.780] GetFileType (hFile=0x2e4) returned 0x1 [0136.780] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=30017) returned 1 [0136.781] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=30017) returned 1 [0136.781] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0136.781] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0136.788] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0136.789] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0136.791] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0136.791] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0136.792] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0136.792] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=30017) returned 1 [0136.792] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0136.793] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0136.793] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0136.794] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0136.794] CloseHandle (hObject=0x2e4) returned 1 [0137.037] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.037] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3c6e100, ftCreationTime.dwHighDateTime=0x1d93314, ftLastAccessTime.dwLowDateTime=0xcaf28350, ftLastAccessTime.dwHighDateTime=0x1d93496, ftLastWriteTime.dwLowDateTime=0xcaf28350, ftLastWriteTime.dwHighDateTime=0x1d93496, nFileSizeHigh=0x0, nFileSizeLow=0x28a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ol8V8.wav", cAlternateFileName="")) returned 1 [0137.037] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.037] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.037] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.037] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.037] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.037] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Ol8V8.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ol8v8.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.038] GetFileType (hFile=0x2e4) returned 0x1 [0137.038] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=10408) returned 1 [0137.038] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=10408) returned 1 [0137.038] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.038] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x28a8, lpOverlapped=0x0) returned 1 [0137.040] ReadFile (in: hFile=0x2e4, lpBuffer=0xc964b8, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc964b8*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0137.040] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x28b0) returned 0x4bad00 [0137.041] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x28b0) returned 0x5116f0 [0137.042] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0137.042] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.042] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.043] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0137.043] WriteFile (in: hFile=0x2e4, lpBuffer=0x5116f0*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x5116f0*, lpNumberOfBytesWritten=0xc938c4*=0x2000, lpOverlapped=0x0) returned 1 [0137.044] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.044] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x9b0, lpOverlapped=0x0) returned 1 [0137.044] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.045] CloseHandle (hObject=0x2e4) returned 1 [0137.085] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5116f0 | out: hHeap=0x430000) returned 1 [0137.085] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3d37270, ftCreationTime.dwHighDateTime=0x1d92976, ftLastAccessTime.dwLowDateTime=0x6479af90, ftLastAccessTime.dwHighDateTime=0x1d93581, ftLastWriteTime.dwLowDateTime=0x6479af90, ftLastWriteTime.dwHighDateTime=0x1d93581, nFileSizeHigh=0x0, nFileSizeLow=0xbc78, dwReserved0=0x0, dwReserved1=0x0, cFileName="osCn.swf", cAlternateFileName="")) returned 1 [0137.085] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.085] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.085] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.085] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.085] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.085] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.086] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\osCn.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\oscn.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.086] GetFileType (hFile=0x2e4) returned 0x1 [0137.086] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=48248) returned 1 [0137.086] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=48248) returned 1 [0137.086] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.086] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0137.088] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.088] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.090] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.090] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.090] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.091] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=48248) returned 1 [0137.091] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.092] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.092] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0137.093] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.096] CloseHandle (hObject=0x2e4) returned 1 [0137.128] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.128] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f82780, ftCreationTime.dwHighDateTime=0x1d935f1, ftLastAccessTime.dwLowDateTime=0xbb199890, ftLastAccessTime.dwHighDateTime=0x1d9360a, ftLastWriteTime.dwLowDateTime=0xbb199890, ftLastWriteTime.dwHighDateTime=0x1d9360a, nFileSizeHigh=0x0, nFileSizeLow=0xf07c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q8qRvFmm3IQe7eqKqz.bmp", cAlternateFileName="Q8QRVF~1.BMP")) returned 1 [0137.128] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.128] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.128] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.128] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.128] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.128] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.129] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q8qRvFmm3IQe7eqKqz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\q8qrvfmm3iqe7eqkqz.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.129] GetFileType (hFile=0x2e4) returned 0x1 [0137.129] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=61564) returned 1 [0137.129] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=61564) returned 1 [0137.129] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.129] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0137.131] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.131] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.133] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.133] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.133] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.134] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=61564) returned 1 [0137.134] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.135] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.135] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0137.136] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.136] CloseHandle (hObject=0x2e4) returned 1 [0137.285] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.285] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x806d33d0, ftCreationTime.dwHighDateTime=0x1d93044, ftLastAccessTime.dwLowDateTime=0x2fd2abe0, ftLastAccessTime.dwHighDateTime=0x1d931ce, ftLastWriteTime.dwLowDateTime=0x2fd2abe0, ftLastWriteTime.dwHighDateTime=0x1d931ce, nFileSizeHigh=0x0, nFileSizeLow=0x102b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="ttBDr.gif", cAlternateFileName="")) returned 1 [0137.285] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.285] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.285] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.285] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.285] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.285] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.286] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ttBDr.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ttbdr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.286] GetFileType (hFile=0x2e4) returned 0x1 [0137.286] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=66229) returned 1 [0137.286] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=66229) returned 1 [0137.286] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.287] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0137.288] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.288] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.290] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.290] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.290] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.290] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=66229) returned 1 [0137.291] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.291] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.292] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0137.292] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.292] CloseHandle (hObject=0x2e4) returned 1 [0137.311] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.311] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52b56f90, ftCreationTime.dwHighDateTime=0x1d93484, ftLastAccessTime.dwLowDateTime=0x76cfc660, ftLastAccessTime.dwHighDateTime=0x1d9361d, ftLastWriteTime.dwLowDateTime=0x76cfc660, ftLastWriteTime.dwHighDateTime=0x1d9361d, nFileSizeHigh=0x0, nFileSizeLow=0x11c26, dwReserved0=0x0, dwReserved1=0x0, cFileName="unFqS0IAA-HHEp.wav", cAlternateFileName="UNFQS0~1.WAV")) returned 1 [0137.311] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.311] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.312] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.312] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.312] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.312] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.313] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\unFqS0IAA-HHEp.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\unfqs0iaa-hhep.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.313] GetFileType (hFile=0x2e4) returned 0x1 [0137.313] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=72742) returned 1 [0137.313] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=72742) returned 1 [0137.314] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.314] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0137.315] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.315] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.316] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.317] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.317] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.317] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=72742) returned 1 [0137.317] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.318] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.318] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0137.319] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.319] CloseHandle (hObject=0x2e4) returned 1 [0137.365] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.365] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8561b180, ftCreationTime.dwHighDateTime=0x1d92bfe, ftLastAccessTime.dwLowDateTime=0x4df18ca0, ftLastAccessTime.dwHighDateTime=0x1d92fa7, ftLastWriteTime.dwLowDateTime=0x4df18ca0, ftLastWriteTime.dwHighDateTime=0x1d92fa7, nFileSizeHigh=0x0, nFileSizeLow=0x10b32, dwReserved0=0x0, dwReserved1=0x0, cFileName="WeC6taEqPlgqc7c.swf", cAlternateFileName="WEC6TA~1.SWF")) returned 1 [0137.365] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.365] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.365] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.365] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.365] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.365] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.365] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WeC6taEqPlgqc7c.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wec6taeqplgqc7c.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.366] GetFileType (hFile=0x2e4) returned 0x1 [0137.366] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=68402) returned 1 [0137.366] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=68402) returned 1 [0137.366] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.366] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0137.375] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.375] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.376] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.376] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.377] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.377] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=68402) returned 1 [0137.377] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.378] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.378] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0137.379] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.379] CloseHandle (hObject=0x2e4) returned 1 [0137.408] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.408] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e6dddf0, ftCreationTime.dwHighDateTime=0x1d928f0, ftLastAccessTime.dwLowDateTime=0x2b5384e0, ftLastAccessTime.dwHighDateTime=0x1d92e77, ftLastWriteTime.dwLowDateTime=0x2b5384e0, ftLastWriteTime.dwHighDateTime=0x1d92e77, nFileSizeHigh=0x0, nFileSizeLow=0x18cad, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZGTkYd2PTX5 vmJh.swf", cAlternateFileName="ZGTKYD~1.SWF")) returned 1 [0137.408] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.408] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.408] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.408] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.408] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.408] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.408] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZGTkYd2PTX5 vmJh.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zgtkyd2ptx5 vmjh.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.409] GetFileType (hFile=0x2e4) returned 0x1 [0137.409] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=101549) returned 1 [0137.409] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=101549) returned 1 [0137.409] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.409] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0137.411] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.411] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.412] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.412] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0137.413] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.413] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=101549) returned 1 [0137.413] WriteFile (in: hFile=0x2e4, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0137.414] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0137.414] WriteFile (in: hFile=0x2e4, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0137.415] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0137.415] CloseHandle (hObject=0x2e4) returned 1 [0137.497] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.497] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.498] GetLastError () returned 0x12 [0137.498] GetLastError () returned 0x12 [0137.498] SetLastError (dwErrCode=0x12) [0137.498] FindClose (in: hFindFile=0x440110 | out: hFindFile=0x440110) returned 1 [0137.498] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1bd30ef, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1bd30ef, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0137.498] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0137.498] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0137.498] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0137.498] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0137.498] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0137.498] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0137.498] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x438e40 [0137.498] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.499] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.499] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.506] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1bd30ef, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1bd30ef, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0137.506] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.506] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.506] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.507] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.507] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36e9710, ftCreationTime.dwHighDateTime=0x1d91e21, ftLastAccessTime.dwLowDateTime=0x9742a820, ftLastAccessTime.dwHighDateTime=0x1d93318, ftLastWriteTime.dwLowDateTime=0x9742a820, ftLastWriteTime.dwHighDateTime=0x1d93318, nFileSizeHigh=0x0, nFileSizeLow=0x14b55, dwReserved0=0x0, dwReserved1=0x1, cFileName="-1C3jY4Vl.xlsx", cAlternateFileName="-1C3JY~1.XLS")) returned 1 [0137.507] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.507] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.507] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.508] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-1C3jY4Vl.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\-1c3jy4vl.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.508] GetFileType (hFile=0x2e4) returned 0x1 [0137.508] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=84821) returned 1 [0137.508] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=84821) returned 1 [0137.508] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.508] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x14b55) returned 0x15ddce0 [0137.511] ReadFile (in: hFile=0x2e4, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9daf8*=0x14000, lpOverlapped=0x0) returned 1 [0137.513] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0137.513] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d5250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesRead=0xc9da88*=0xb55, lpOverlapped=0x0) returned 1 [0137.513] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x14b60) returned 0x48cf50 [0137.516] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x14b60) returned 0x1580080 [0137.522] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0137.522] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.523] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0137.523] WriteFile (in: hFile=0x2e4, lpBuffer=0x1580d22*, nNumberOfBytesToWrite=0x13000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x1580d22*, lpNumberOfBytesWritten=0xc9d9f4*=0x13000, lpOverlapped=0x0) returned 1 [0137.524] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0xfbe, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc9da84*=0xfbe, lpOverlapped=0x0) returned 1 [0137.524] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0137.524] CloseHandle (hObject=0x2e4) returned 1 [0137.529] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0137.601] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x1580080 | out: hHeap=0x430000) returned 1 [0137.603] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x858c0bc0, ftCreationTime.dwHighDateTime=0x1d8d65d, ftLastAccessTime.dwLowDateTime=0xaade0c00, ftLastAccessTime.dwHighDateTime=0x1d92515, ftLastWriteTime.dwLowDateTime=0xaade0c00, ftLastWriteTime.dwHighDateTime=0x1d92515, nFileSizeHigh=0x0, nFileSizeLow=0x11283, dwReserved0=0x0, dwReserved1=0x0, cFileName="2hljBgD1 RG.docx", cAlternateFileName="2HLJBG~1.DOC")) returned 1 [0137.603] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.603] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.603] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.603] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.603] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.603] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.604] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\2hljBgD1 RG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\2hljbgd1 rg.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.604] GetFileType (hFile=0x2e4) returned 0x1 [0137.604] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=70275) returned 1 [0137.604] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=70275) returned 1 [0137.604] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.605] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x11283) returned 0x15ddce0 [0137.607] ReadFile (in: hFile=0x2e4, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9daf8*=0x11000, lpOverlapped=0x0) returned 1 [0137.608] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0137.608] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d9290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesRead=0xc9da88*=0x283, lpOverlapped=0x0) returned 1 [0137.608] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x11290) returned 0x48cf50 [0137.615] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x11290) returned 0x1580080 [0137.621] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0137.621] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.621] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0137.621] WriteFile (in: hFile=0x2e4, lpBuffer=0x1580d22*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x1580d22*, lpNumberOfBytesWritten=0xc9d9f4*=0x10000, lpOverlapped=0x0) returned 1 [0137.622] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x6ee, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc9da84*=0x6ee, lpOverlapped=0x0) returned 1 [0137.623] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0137.623] CloseHandle (hObject=0x2e4) returned 1 [0137.628] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0137.631] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x1580080 | out: hHeap=0x430000) returned 1 [0137.633] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac18b6b0, ftCreationTime.dwHighDateTime=0x1d8be0e, ftLastAccessTime.dwLowDateTime=0xba7b5cf0, ftLastAccessTime.dwHighDateTime=0x1d8d487, ftLastWriteTime.dwLowDateTime=0xba7b5cf0, ftLastWriteTime.dwHighDateTime=0x1d8d487, nFileSizeHigh=0x0, nFileSizeLow=0xe5ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="3MLRCwi-_Xdb6cchu_-.xlsx", cAlternateFileName="3MLRCW~1.XLS")) returned 1 [0137.633] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.633] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.633] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.633] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.633] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.633] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.634] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3MLRCwi-_Xdb6cchu_-.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3mlrcwi-_xdb6cchu_-.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.634] GetFileType (hFile=0x2e4) returned 0x1 [0137.634] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=58861) returned 1 [0137.634] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=58861) returned 1 [0137.634] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.634] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xe5ed) returned 0x5021f0 [0137.637] ReadFile (in: hFile=0x2e4, lpBuffer=0x5021f0, nNumberOfBytesToRead=0xe000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x5021f0*, lpNumberOfBytesRead=0xc9daf8*=0xe000, lpOverlapped=0x0) returned 1 [0137.646] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0137.646] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d2220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesRead=0xc9da88*=0x5ed, lpOverlapped=0x0) returned 1 [0137.647] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe5f0) returned 0x15ddce0 [0137.648] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe5f0) returned 0x48cf50 [0137.652] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0137.652] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.653] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0137.653] WriteFile (in: hFile=0x2e4, lpBuffer=0x48dbf2*, nNumberOfBytesToWrite=0xd000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x48dbf2*, lpNumberOfBytesWritten=0xc9d9f4*=0xd000, lpOverlapped=0x0) returned 1 [0137.653] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0xa4e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9da84*=0xa4e, lpOverlapped=0x0) returned 1 [0137.654] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0137.654] CloseHandle (hObject=0x2e4) returned 1 [0137.660] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5021f0 | out: hHeap=0x430000) returned 1 [0137.661] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0137.663] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4dfb71b0, ftCreationTime.dwHighDateTime=0x1d92d78, ftLastAccessTime.dwLowDateTime=0x6d847eb0, ftLastAccessTime.dwHighDateTime=0x1d934f2, ftLastWriteTime.dwLowDateTime=0x6d847eb0, ftLastWriteTime.dwHighDateTime=0x1d934f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Ozrn-C", cAlternateFileName="")) returned 1 [0137.663] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.663] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.663] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.663] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.663] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.663] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.664] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x438f00 [0137.664] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.664] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.664] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.664] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.664] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4dfb71b0, ftCreationTime.dwHighDateTime=0x1d92d78, ftLastAccessTime.dwLowDateTime=0x6d847eb0, ftLastAccessTime.dwHighDateTime=0x1d934f2, ftLastWriteTime.dwLowDateTime=0x6d847eb0, ftLastWriteTime.dwHighDateTime=0x1d934f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0137.665] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.665] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.665] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.665] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4a6e860, ftCreationTime.dwHighDateTime=0x1d92a5c, ftLastAccessTime.dwLowDateTime=0x7a349710, ftLastAccessTime.dwHighDateTime=0x1d9314d, ftLastWriteTime.dwLowDateTime=0x7a349710, ftLastWriteTime.dwHighDateTime=0x1d9314d, nFileSizeHigh=0x0, nFileSizeLow=0x1197a, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="-YU2Lx-6ZIPnCPiAFFe.ppt", cAlternateFileName="-YU2LX~1.PPT")) returned 1 [0137.665] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.665] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.665] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.665] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.666] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\-YU2Lx-6ZIPnCPiAFFe.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\-yu2lx-6zipncpiaffe.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0137.666] GetFileType (hFile=0x314) returned 0x1 [0137.666] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=72058) returned 1 [0137.666] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=72058) returned 1 [0137.666] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0137.666] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x1197a) returned 0x15ddce0 [0137.668] ReadFile (in: hFile=0x314, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9d208*=0x11000, lpOverlapped=0x0) returned 1 [0137.669] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4da2a0 [0137.669] ReadFile (in: hFile=0x314, lpBuffer=0x4da2a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4da2a0*, lpNumberOfBytesRead=0xc9d198*=0x97a, lpOverlapped=0x0) returned 1 [0137.669] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x11980) returned 0x48cf50 [0137.671] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x11980) returned 0x1580080 [0137.716] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0137.716] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0137.716] WriteFile (in: hFile=0x314, lpBuffer=0x4da2a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x4da2a0*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0137.716] WriteFile (in: hFile=0x314, lpBuffer=0x1580d22*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x1580d22*, lpNumberOfBytesWritten=0xc9d104*=0x10000, lpOverlapped=0x0) returned 1 [0137.717] WriteFile (in: hFile=0x314, lpBuffer=0x4da2a0*, nNumberOfBytesToWrite=0xdde, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4da2a0*, lpNumberOfBytesWritten=0xc9d194*=0xdde, lpOverlapped=0x0) returned 1 [0137.717] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4da2a0 | out: hHeap=0x430000) returned 1 [0137.718] CloseHandle (hObject=0x314) returned 1 [0137.724] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0137.727] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x1580080 | out: hHeap=0x430000) returned 1 [0137.728] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9df80e0, ftCreationTime.dwHighDateTime=0x1d9353f, ftLastAccessTime.dwLowDateTime=0x3ca8a180, ftLastAccessTime.dwHighDateTime=0x1d935d9, ftLastWriteTime.dwLowDateTime=0x3ca8a180, ftLastWriteTime.dwHighDateTime=0x1d935d9, nFileSizeHigh=0x0, nFileSizeLow=0x17c8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="CdvPrp3Nu1pnIZzw.pps", cAlternateFileName="CDVPRP~1.PPS")) returned 1 [0137.729] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.729] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.729] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.729] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\CdvPrp3Nu1pnIZzw.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\cdvprp3nu1pnizzw.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0137.730] GetFileType (hFile=0x314) returned 0x1 [0137.730] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=97419) returned 1 [0137.730] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=97419) returned 1 [0137.730] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0137.730] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0137.731] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.731] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.733] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.733] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0137.734] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0137.734] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=97419) returned 1 [0137.734] WriteFile (in: hFile=0x314, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0137.735] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0137.735] WriteFile (in: hFile=0x314, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0137.736] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0137.737] CloseHandle (hObject=0x314) returned 1 [0137.743] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.743] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4262e60, ftCreationTime.dwHighDateTime=0x1d92db2, ftLastAccessTime.dwLowDateTime=0x37c7b630, ftLastAccessTime.dwHighDateTime=0x1d92dc6, ftLastWriteTime.dwLowDateTime=0x37c7b630, ftLastWriteTime.dwHighDateTime=0x1d92dc6, nFileSizeHigh=0x0, nFileSizeLow=0x3e56, dwReserved0=0x0, dwReserved1=0x0, cFileName="h38g6jq9H1qf ZYhaRF.docx", cAlternateFileName="H38G6J~1.DOC")) returned 1 [0137.743] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.743] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.744] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.744] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.744] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\h38g6jq9H1qf ZYhaRF.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\h38g6jq9h1qf zyharf.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0137.744] GetFileType (hFile=0x314) returned 0x1 [0137.744] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=15958) returned 1 [0137.745] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=15958) returned 1 [0137.745] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0137.745] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x3e56) returned 0x4bad00 [0137.746] ReadFile (in: hFile=0x314, lpBuffer=0x4bad00, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x4bad00*, lpNumberOfBytesRead=0xc9d208*=0x3000, lpOverlapped=0x0) returned 1 [0137.747] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0137.747] ReadFile (in: hFile=0x314, lpBuffer=0x4d3230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesRead=0xc9d198*=0xe56, lpOverlapped=0x0) returned 1 [0137.747] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3e60) returned 0x5116f0 [0137.747] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3e60) returned 0x526720 [0137.749] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5116f0 | out: hHeap=0x430000) returned 1 [0137.749] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0137.749] WriteFile (in: hFile=0x314, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0137.749] WriteFile (in: hFile=0x314, lpBuffer=0x5273c2*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x5273c2*, lpNumberOfBytesWritten=0xc9d104*=0x3000, lpOverlapped=0x0) returned 1 [0137.750] WriteFile (in: hFile=0x314, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x2be, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9d194*=0x2be, lpOverlapped=0x0) returned 1 [0137.750] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0137.750] CloseHandle (hObject=0x314) returned 1 [0137.753] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0137.754] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0137.754] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28598d60, ftCreationTime.dwHighDateTime=0x1d92b17, ftLastAccessTime.dwLowDateTime=0x42e91570, ftLastAccessTime.dwHighDateTime=0x1d92f49, ftLastWriteTime.dwLowDateTime=0x42e91570, ftLastWriteTime.dwHighDateTime=0x1d92f49, nFileSizeHigh=0x0, nFileSizeLow=0x142c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vrr3e.ppt", cAlternateFileName="")) returned 1 [0137.754] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.754] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.754] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.754] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.754] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.754] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.754] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\Vrr3e.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\vrr3e.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0137.755] GetFileType (hFile=0x314) returned 0x1 [0137.755] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=82627) returned 1 [0137.755] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=82627) returned 1 [0137.755] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0137.755] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x142c3) returned 0x15ddce0 [0137.758] ReadFile (in: hFile=0x314, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9d208*=0x14000, lpOverlapped=0x0) returned 1 [0137.802] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0137.802] ReadFile (in: hFile=0x314, lpBuffer=0x4d8280, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesRead=0xc9d198*=0x2c3, lpOverlapped=0x0) returned 1 [0137.802] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x142d0) returned 0x48cf50 [0137.804] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x142d0) returned 0x1580080 [0137.810] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0137.813] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0137.813] WriteFile (in: hFile=0x314, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0137.813] WriteFile (in: hFile=0x314, lpBuffer=0x1580d22*, nNumberOfBytesToWrite=0x13000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x1580d22*, lpNumberOfBytesWritten=0xc9d104*=0x13000, lpOverlapped=0x0) returned 1 [0137.814] WriteFile (in: hFile=0x314, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x72e, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc9d194*=0x72e, lpOverlapped=0x0) returned 1 [0137.879] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0137.879] CloseHandle (hObject=0x314) returned 1 [0137.885] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0137.889] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x1580080 | out: hHeap=0x430000) returned 1 [0137.892] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0xcf0811d6, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0137.892] GetLastError () returned 0x12 [0137.893] GetLastError () returned 0x12 [0137.893] SetLastError (dwErrCode=0x12) [0137.893] FindClose (in: hFindFile=0x438f00 | out: hFindFile=0x438f00) returned 1 [0137.893] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc332c0, ftCreationTime.dwHighDateTime=0x1d8c076, ftLastAccessTime.dwLowDateTime=0xc40c6e50, ftLastAccessTime.dwHighDateTime=0x1d8ff82, ftLastWriteTime.dwLowDateTime=0xc40c6e50, ftLastWriteTime.dwHighDateTime=0x1d8ff82, nFileSizeHigh=0x0, nFileSizeLow=0x126d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="5oXD JYe1.xlsx", cAlternateFileName="5OXDJY~1.XLS")) returned 1 [0137.893] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.893] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.893] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.894] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5oXD JYe1.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\5oxd jye1.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.894] GetFileType (hFile=0x2e4) returned 0x1 [0137.894] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=75480) returned 1 [0137.895] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=75480) returned 1 [0137.895] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.895] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x126d8) returned 0x15ddce0 [0137.898] ReadFile (in: hFile=0x2e4, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0x12000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9daf8*=0x12000, lpOverlapped=0x0) returned 1 [0137.903] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0137.903] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d3230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesRead=0xc9da88*=0x6d8, lpOverlapped=0x0) returned 1 [0137.903] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x126e0) returned 0x48cf50 [0137.905] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x126e0) returned 0x1580080 [0137.911] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0137.912] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.913] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0137.913] WriteFile (in: hFile=0x2e4, lpBuffer=0x1580d22*, nNumberOfBytesToWrite=0x11000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x1580d22*, lpNumberOfBytesWritten=0xc9d9f4*=0x11000, lpOverlapped=0x0) returned 1 [0137.914] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0xb3e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9da84*=0xb3e, lpOverlapped=0x0) returned 1 [0137.914] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0137.914] CloseHandle (hObject=0x2e4) returned 1 [0137.968] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0137.970] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x1580080 | out: hHeap=0x430000) returned 1 [0137.972] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35c84090, ftCreationTime.dwHighDateTime=0x1d8b9f2, ftLastAccessTime.dwLowDateTime=0x98e5df20, ftLastAccessTime.dwHighDateTime=0x1d8d6c6, ftLastWriteTime.dwLowDateTime=0x98e5df20, ftLastWriteTime.dwHighDateTime=0x1d8d6c6, nFileSizeHigh=0x0, nFileSizeLow=0x15af, dwReserved0=0x0, dwReserved1=0x0, cFileName="6PDiYDbFPa.pptx", cAlternateFileName="6PDIYD~1.PPT")) returned 1 [0137.972] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.972] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.972] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.972] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.972] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.972] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.972] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6PDiYDbFPa.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6pdiydbfpa.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0137.973] GetFileType (hFile=0x2e4) returned 0x1 [0137.973] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=5551) returned 1 [0137.973] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=5551) returned 1 [0137.973] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.973] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x15af) returned 0x524a30 [0137.974] ReadFile (in: hFile=0x2e4, lpBuffer=0x524a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x524a30*, lpNumberOfBytesRead=0xc9daf8*=0x1000, lpOverlapped=0x0) returned 1 [0137.974] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0137.974] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d4240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesRead=0xc9da88*=0x5af, lpOverlapped=0x0) returned 1 [0137.974] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x15b0) returned 0x4bad00 [0137.974] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x15b0) returned 0x4bc2c0 [0137.975] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bad00 | out: hHeap=0x430000) returned 1 [0137.975] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0137.975] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d994, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9d994*=0x1000, lpOverlapped=0x0) returned 1 [0137.976] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0xa0e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9da84*=0xa0e, lpOverlapped=0x0) returned 1 [0137.976] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0137.977] CloseHandle (hObject=0x2e4) returned 1 [0137.979] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x524a30 | out: hHeap=0x430000) returned 1 [0137.979] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bc2c0 | out: hHeap=0x430000) returned 1 [0137.981] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb985730, ftCreationTime.dwHighDateTime=0x1d92f07, ftLastAccessTime.dwLowDateTime=0x2c035f90, ftLastAccessTime.dwHighDateTime=0x1d92f09, ftLastWriteTime.dwLowDateTime=0x2c035f90, ftLastWriteTime.dwHighDateTime=0x1d92f09, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8KT1V6XMJnk5nR_vJ-", cAlternateFileName="8KT1V6~1")) returned 1 [0137.981] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.981] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.981] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.981] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.981] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0137.981] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0137.981] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8KT1V6XMJnk5nR_vJ-\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8kt1v6xmjnk5nr_vj-\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x438f00 [0137.982] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.982] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.983] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.983] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.983] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.983] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.983] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb985730, ftCreationTime.dwHighDateTime=0x1d92f07, ftLastAccessTime.dwLowDateTime=0x2c035f90, ftLastAccessTime.dwHighDateTime=0x1d92f09, ftLastWriteTime.dwLowDateTime=0x2c035f90, ftLastWriteTime.dwHighDateTime=0x1d92f09, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0137.983] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.983] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.983] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.983] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.983] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.983] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.984] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4249fd80, ftCreationTime.dwHighDateTime=0x1d9292e, ftLastAccessTime.dwLowDateTime=0xe5b42610, ftLastAccessTime.dwHighDateTime=0x1d929ad, ftLastWriteTime.dwLowDateTime=0xe5b42610, ftLastWriteTime.dwHighDateTime=0x1d929ad, nFileSizeHigh=0x0, nFileSizeLow=0x60c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="QH2yTaFyQ15m.ots", cAlternateFileName="QH2YTA~1.OTS")) returned 1 [0137.984] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.984] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.984] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.984] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.984] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.984] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.984] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8KT1V6XMJnk5nR_vJ-\\QH2yTaFyQ15m.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8kt1v6xmjnk5nr_vj-\\qh2ytafyq15m.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0137.985] GetFileType (hFile=0x314) returned 0x1 [0137.985] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=24771) returned 1 [0137.985] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=24771) returned 1 [0137.985] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0137.985] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0137.986] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.987] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0137.989] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0137.989] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0137.989] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0137.989] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=24771) returned 1 [0137.989] WriteFile (in: hFile=0x314, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0137.990] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0137.991] WriteFile (in: hFile=0x314, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0137.991] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0137.991] CloseHandle (hObject=0x314) returned 1 [0137.996] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0137.996] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947a8620, ftCreationTime.dwHighDateTime=0x1d93215, ftLastAccessTime.dwLowDateTime=0x113b480, ftLastAccessTime.dwHighDateTime=0x1d93263, ftLastWriteTime.dwLowDateTime=0x113b480, ftLastWriteTime.dwHighDateTime=0x1d93263, nFileSizeHigh=0x0, nFileSizeLow=0x158dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="t XodtQj3D.odt", cAlternateFileName="TXODTQ~1.ODT")) returned 1 [0137.996] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.996] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.997] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.997] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.997] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0137.997] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0137.997] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8KT1V6XMJnk5nR_vJ-\\t XodtQj3D.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8kt1v6xmjnk5nr_vj-\\t xodtqj3d.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0137.997] GetFileType (hFile=0x314) returned 0x1 [0137.997] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=88284) returned 1 [0137.998] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=88284) returned 1 [0137.998] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0137.998] ReadFile (in: hFile=0x314, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0137.999] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4bfd40 [0137.999] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15af750 [0138.000] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bfd40 | out: hHeap=0x430000) returned 1 [0138.000] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0138.000] WriteFile (in: hFile=0x314, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0138.001] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=88284) returned 1 [0138.001] WriteFile (in: hFile=0x314, lpBuffer=0x15af750*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15af750*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0138.002] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0138.003] WriteFile (in: hFile=0x314, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0138.003] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0138.003] CloseHandle (hObject=0x314) returned 1 [0138.174] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15af750 | out: hHeap=0x430000) returned 1 [0138.175] FindNextFileW (in: hFindFile=0x438f00, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.175] GetLastError () returned 0x12 [0138.175] GetLastError () returned 0x12 [0138.175] SetLastError (dwErrCode=0x12) [0138.175] FindClose (in: hFindFile=0x438f00 | out: hFindFile=0x438f00) returned 1 [0138.175] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b2ebb70, ftCreationTime.dwHighDateTime=0x1d8ace9, ftLastAccessTime.dwLowDateTime=0x5349f270, ftLastAccessTime.dwHighDateTime=0x1d93347, ftLastWriteTime.dwLowDateTime=0x5349f270, ftLastWriteTime.dwHighDateTime=0x1d93347, nFileSizeHigh=0x0, nFileSizeLow=0xf3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9adZsO.xlsx", cAlternateFileName="9ADZSO~1.XLS")) returned 1 [0138.175] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.175] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.175] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.175] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.176] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.176] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.176] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9adZsO.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9adzso.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.176] GetFileType (hFile=0x2e4) returned 0x1 [0138.177] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=62368) returned 1 [0138.177] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=62368) returned 1 [0138.177] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.177] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xf3a0) returned 0x15ddce0 [0138.180] ReadFile (in: hFile=0x2e4, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9daf8*=0xf000, lpOverlapped=0x0) returned 1 [0138.182] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0138.182] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d4240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesRead=0xc9da88*=0x3a0, lpOverlapped=0x0) returned 1 [0138.183] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf3b0) returned 0x48cf50 [0138.186] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf3b0) returned 0x49c310 [0138.191] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0138.191] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.191] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0138.192] WriteFile (in: hFile=0x2e4, lpBuffer=0x49cfb2*, nNumberOfBytesToWrite=0xe000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x49cfb2*, lpNumberOfBytesWritten=0xc9d9f4*=0xe000, lpOverlapped=0x0) returned 1 [0138.192] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x80e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9da84*=0x80e, lpOverlapped=0x0) returned 1 [0138.193] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0138.193] CloseHandle (hObject=0x2e4) returned 1 [0138.202] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0138.206] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x49c310 | out: hHeap=0x430000) returned 1 [0138.208] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65695590, ftCreationTime.dwHighDateTime=0x1d8f90e, ftLastAccessTime.dwLowDateTime=0x5f0e2f70, ftLastAccessTime.dwHighDateTime=0x1d8fdb6, ftLastWriteTime.dwLowDateTime=0x5f0e2f70, ftLastWriteTime.dwHighDateTime=0x1d8fdb6, nFileSizeHigh=0x0, nFileSizeLow=0x130c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aJADt6bVVwkuva.pptx", cAlternateFileName="AJADT6~1.PPT")) returned 1 [0138.208] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.208] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.208] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.209] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.209] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.209] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.209] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\aJADt6bVVwkuva.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajadt6bvvwkuva.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.209] GetFileType (hFile=0x2e4) returned 0x1 [0138.210] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=78016) returned 1 [0138.210] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=78016) returned 1 [0138.210] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.210] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x130c0) returned 0x15ddce0 [0138.213] ReadFile (in: hFile=0x2e4, lpBuffer=0x15ddce0, nNumberOfBytesToRead=0x13000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x15ddce0*, lpNumberOfBytesRead=0xc9daf8*=0x13000, lpOverlapped=0x0) returned 1 [0138.316] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0138.316] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d6260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesRead=0xc9da88*=0xc0, lpOverlapped=0x0) returned 1 [0138.316] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x130d0) returned 0x15bdcd0 [0138.384] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x130d0) returned 0x48cf50 [0138.392] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bdcd0 | out: hHeap=0x430000) returned 1 [0138.394] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.394] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0138.395] WriteFile (in: hFile=0x2e4, lpBuffer=0x48dbf2*, nNumberOfBytesToWrite=0x12000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x48dbf2*, lpNumberOfBytesWritten=0xc9d9f4*=0x12000, lpOverlapped=0x0) returned 1 [0138.395] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x52e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc9da84*=0x52e, lpOverlapped=0x0) returned 1 [0138.396] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0138.396] CloseHandle (hObject=0x2e4) returned 1 [0138.400] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ddce0 | out: hHeap=0x430000) returned 1 [0138.413] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0138.414] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4372e947, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0138.414] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.414] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.414] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.414] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.415] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.415] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.415] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.415] GetFileType (hFile=0x2e4) returned 0x1 [0138.415] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=402) returned 1 [0138.416] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=402) returned 1 [0138.416] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0138.416] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x192, lpOverlapped=0x0) returned 1 [0138.417] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93da2, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93da2*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0138.417] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1a0) returned 0x4759a0 [0138.417] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1a0) returned 0x4b4f80 [0138.418] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4759a0 | out: hHeap=0x430000) returned 1 [0138.418] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0138.418] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0138.423] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0138.423] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0138.423] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93954*=0x2a0, lpOverlapped=0x0) returned 1 [0138.424] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0138.424] CloseHandle (hObject=0x2e4) returned 1 [0138.429] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b4f80 | out: hHeap=0x430000) returned 1 [0138.429] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21fef5e0, ftCreationTime.dwHighDateTime=0x1d8accd, ftLastAccessTime.dwLowDateTime=0xe38ce010, ftLastAccessTime.dwHighDateTime=0x1d8af29, ftLastWriteTime.dwLowDateTime=0xe38ce010, ftLastWriteTime.dwHighDateTime=0x1d8af29, nFileSizeHigh=0x0, nFileSizeLow=0x17cb5, dwReserved0=0x0, dwReserved1=0x0, cFileName="dPfH.xlsx", cAlternateFileName="DPFH~1.XLS")) returned 1 [0138.429] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.429] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.429] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.429] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.429] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.429] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.430] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dPfH.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\dpfh.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.430] GetFileType (hFile=0x2e4) returned 0x1 [0138.430] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=97461) returned 1 [0138.430] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=97461) returned 1 [0138.430] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.430] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x17cb5) returned 0x48cf50 [0138.517] ReadFile (in: hFile=0x2e4, lpBuffer=0x48cf50, nNumberOfBytesToRead=0x17000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x48cf50*, lpNumberOfBytesRead=0xc9daf8*=0x17000, lpOverlapped=0x0) returned 1 [0138.519] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0138.520] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d3230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesRead=0xc9da88*=0xcb5, lpOverlapped=0x0) returned 1 [0138.520] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x17cc0) returned 0x15bccc0 [0138.523] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x17cc0) returned 0x15d4990 [0138.531] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bccc0 | out: hHeap=0x430000) returned 1 [0138.534] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.535] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0138.535] WriteFile (in: hFile=0x2e4, lpBuffer=0x15d5632*, nNumberOfBytesToWrite=0x17000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x15d5632*, lpNumberOfBytesWritten=0xc9d9f4*=0x17000, lpOverlapped=0x0) returned 1 [0138.536] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x11e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9da84*=0x11e, lpOverlapped=0x0) returned 1 [0138.537] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0138.537] CloseHandle (hObject=0x2e4) returned 1 [0138.542] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0138.545] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15d4990 | out: hHeap=0x430000) returned 1 [0138.547] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b20440, ftCreationTime.dwHighDateTime=0x1d92b54, ftLastAccessTime.dwLowDateTime=0x2afe0470, ftLastAccessTime.dwHighDateTime=0x1d93462, ftLastWriteTime.dwLowDateTime=0x2afe0470, ftLastWriteTime.dwHighDateTime=0x1d93462, nFileSizeHigh=0x0, nFileSizeLow=0xc950, dwReserved0=0x0, dwReserved1=0x0, cFileName="gIrC80297sFhHoMM1Ql3.pps", cAlternateFileName="GIRC80~1.PPS")) returned 1 [0138.547] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.547] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.547] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.547] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.547] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.547] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.548] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gIrC80297sFhHoMM1Ql3.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\girc80297sfhhomm1ql3.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.548] GetFileType (hFile=0x2e4) returned 0x1 [0138.548] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=51536) returned 1 [0138.548] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=51536) returned 1 [0138.548] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0138.549] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0138.549] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0138.550] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0138.552] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0138.552] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0138.552] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0138.553] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=51536) returned 1 [0138.553] WriteFile (in: hFile=0x2e4, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0138.554] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0138.554] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0138.555] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0138.555] CloseHandle (hObject=0x2e4) returned 1 [0138.599] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.599] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb8bedc0, ftCreationTime.dwHighDateTime=0x1d91de6, ftLastAccessTime.dwLowDateTime=0x2e791e20, ftLastAccessTime.dwHighDateTime=0x1d93104, ftLastWriteTime.dwLowDateTime=0x2e791e20, ftLastWriteTime.dwHighDateTime=0x1d93104, nFileSizeHigh=0x0, nFileSizeLow=0x810a, dwReserved0=0x0, dwReserved1=0x0, cFileName="i- aInfNn8gwF6sT2ZSD.docx", cAlternateFileName="I-AINF~1.DOC")) returned 1 [0138.600] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.600] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.600] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.600] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.600] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.600] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.600] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\i- aInfNn8gwF6sT2ZSD.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i- ainfnn8gwf6st2zsd.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.601] GetFileType (hFile=0x2e4) returned 0x1 [0138.601] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=33034) returned 1 [0138.601] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=33034) returned 1 [0138.601] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.601] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x810a) returned 0x526720 [0138.601] ReadFile (in: hFile=0x2e4, lpBuffer=0x526720, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesRead=0xc9daf8*=0x8000, lpOverlapped=0x0) returned 1 [0138.602] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0138.602] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d6260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesRead=0xc9da88*=0x10a, lpOverlapped=0x0) returned 1 [0138.602] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8110) returned 0x518280 [0138.603] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8110) returned 0x4c3d50 [0138.606] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0138.606] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.606] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0138.607] WriteFile (in: hFile=0x2e4, lpBuffer=0x4c49f2*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x4c49f2*, lpNumberOfBytesWritten=0xc9d9f4*=0x7000, lpOverlapped=0x0) returned 1 [0138.607] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x56e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc9da84*=0x56e, lpOverlapped=0x0) returned 1 [0138.608] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0138.608] CloseHandle (hObject=0x2e4) returned 1 [0138.611] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.612] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0138.613] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43787560, ftCreationTime.dwHighDateTime=0x1d91538, ftLastAccessTime.dwLowDateTime=0x23b811a0, ftLastAccessTime.dwHighDateTime=0x1d917b7, ftLastWriteTime.dwLowDateTime=0x23b811a0, ftLastWriteTime.dwHighDateTime=0x1d917b7, nFileSizeHigh=0x0, nFileSizeLow=0x9f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="i1cfxv.pptx", cAlternateFileName="I1CFXV~1.PPT")) returned 1 [0138.613] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.613] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.613] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.614] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.614] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.614] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.614] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\i1cfxv.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i1cfxv.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0138.614] GetFileType (hFile=0x2e4) returned 0x1 [0138.614] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=2548) returned 1 [0138.614] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=2548) returned 1 [0138.615] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.615] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x9f4) returned 0x461a90 [0138.615] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0138.615] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d6260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesRead=0xc9da88*=0x9f4, lpOverlapped=0x0) returned 1 [0138.615] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa00) returned 0x453740 [0138.615] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa00) returned 0x462ff0 [0138.616] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453740 | out: hHeap=0x430000) returned 1 [0138.616] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0138.616] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0xe5e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc9da84*=0xe5e, lpOverlapped=0x0) returned 1 [0138.617] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0138.617] CloseHandle (hObject=0x2e4) returned 1 [0138.621] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x461a90 | out: hHeap=0x430000) returned 1 [0138.622] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0138.622] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e547c00, ftCreationTime.dwHighDateTime=0x1d9295e, ftLastAccessTime.dwLowDateTime=0xcf6a6660, ftLastAccessTime.dwHighDateTime=0x1d92cc0, ftLastWriteTime.dwLowDateTime=0xcf6a6660, ftLastWriteTime.dwHighDateTime=0x1d92cc0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JMnxWVH_VkEeY JKK9", cAlternateFileName="JMNXWV~1")) returned 1 [0138.622] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.622] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.622] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.622] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.622] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0138.622] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0138.622] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fdb0 [0138.623] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.623] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.623] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.623] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.623] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.623] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.623] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e547c00, ftCreationTime.dwHighDateTime=0x1d9295e, ftLastAccessTime.dwLowDateTime=0xcf6a6660, ftLastAccessTime.dwHighDateTime=0x1d92cc0, ftLastWriteTime.dwLowDateTime=0xcf6a6660, ftLastWriteTime.dwHighDateTime=0x1d92cc0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.623] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.623] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.623] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.623] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.624] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.624] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.624] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6124cb0, ftCreationTime.dwHighDateTime=0x1d92842, ftLastAccessTime.dwLowDateTime=0x17bbcc00, ftLastAccessTime.dwHighDateTime=0x1d933de, ftLastWriteTime.dwLowDateTime=0x17bbcc00, ftLastWriteTime.dwHighDateTime=0x1d933de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3vwP7Ny7F0uOf", cAlternateFileName="3VWP7N~1")) returned 1 [0138.624] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.624] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.624] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.624] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.624] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.624] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.624] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\3vwP7Ny7F0uOf\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\3vwp7ny7f0uof\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x43fe70 [0138.625] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.625] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.625] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.625] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6124cb0, ftCreationTime.dwHighDateTime=0x1d92842, ftLastAccessTime.dwLowDateTime=0x17bbcc00, ftLastAccessTime.dwHighDateTime=0x1d933de, ftLastWriteTime.dwLowDateTime=0x17bbcc00, ftLastWriteTime.dwHighDateTime=0x1d933de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4146049, cFileName="..", cAlternateFileName="")) returned 1 [0138.625] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.625] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.625] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.626] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75bca160, ftCreationTime.dwHighDateTime=0x1d92e09, ftLastAccessTime.dwLowDateTime=0x7b137940, ftLastAccessTime.dwHighDateTime=0x1d930e8, ftLastWriteTime.dwLowDateTime=0x7b137940, ftLastWriteTime.dwHighDateTime=0x1d930e8, nFileSizeHigh=0x0, nFileSizeLow=0x4e7c, dwReserved0=0x0, dwReserved1=0x4146049, cFileName="2ejGWQ2Q1PK.csv", cAlternateFileName="2EJGWQ~1.CSV")) returned 1 [0138.626] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.626] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.626] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.626] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.626] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.626] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.626] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\3vwP7Ny7F0uOf\\2ejGWQ2Q1PK.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\3vwp7ny7f0uof\\2ejgwq2q1pk.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.626] GetFileType (hFile=0x31c) returned 0x1 [0138.627] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=20092) returned 1 [0138.627] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=20092) returned 1 [0138.627] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.627] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x4e7c) returned 0x4ba7e0 [0138.628] ReadFile (in: hFile=0x31c, lpBuffer=0x4ba7e0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesRead=0xc9c918*=0x4000, lpOverlapped=0x0) returned 1 [0138.628] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0138.628] ReadFile (in: hFile=0x31c, lpBuffer=0x4d2220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesRead=0xc9c8a8*=0xe7c, lpOverlapped=0x0) returned 1 [0138.628] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4e80) returned 0x526720 [0138.629] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4e80) returned 0x518280 [0138.631] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.631] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.631] WriteFile (in: hFile=0x31c, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0138.632] WriteFile (in: hFile=0x31c, lpBuffer=0x518f22*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x518f22*, lpNumberOfBytesWritten=0xc9c814*=0x4000, lpOverlapped=0x0) returned 1 [0138.632] WriteFile (in: hFile=0x31c, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x2de, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9c8a4*=0x2de, lpOverlapped=0x0) returned 1 [0138.633] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0138.633] CloseHandle (hObject=0x31c) returned 1 [0138.752] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0138.752] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0138.752] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x97000691, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.752] GetLastError () returned 0x12 [0138.752] GetLastError () returned 0x12 [0138.753] SetLastError (dwErrCode=0x12) [0138.753] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0138.753] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x931f3210, ftCreationTime.dwHighDateTime=0x1d928e4, ftLastAccessTime.dwLowDateTime=0xc97d1cb0, ftLastAccessTime.dwHighDateTime=0x1d92c17, ftLastWriteTime.dwLowDateTime=0xc97d1cb0, ftLastWriteTime.dwHighDateTime=0x1d92c17, nFileSizeHigh=0x0, nFileSizeLow=0xdd7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eKSamG4h.csv", cAlternateFileName="")) returned 1 [0138.753] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.753] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.753] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.753] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.753] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.753] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.753] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\eKSamG4h.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\eksamg4h.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0138.754] GetFileType (hFile=0x1b8) returned 0x1 [0138.754] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=56702) returned 1 [0138.754] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=56702) returned 1 [0138.754] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0138.754] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xdd7e) returned 0x4c3d50 [0138.756] ReadFile (in: hFile=0x1b8, lpBuffer=0x4c3d50, nNumberOfBytesToRead=0xd000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x4c3d50*, lpNumberOfBytesRead=0xc9d208*=0xd000, lpOverlapped=0x0) returned 1 [0138.756] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0138.756] ReadFile (in: hFile=0x1b8, lpBuffer=0x4d7270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesRead=0xc9d198*=0xd7e, lpOverlapped=0x0) returned 1 [0138.757] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xdd80) returned 0x15a0090 [0138.758] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xdd80) returned 0x5021f0 [0138.760] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15a0090 | out: hHeap=0x430000) returned 1 [0138.766] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0138.766] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0138.766] WriteFile (in: hFile=0x1b8, lpBuffer=0x502e92*, nNumberOfBytesToWrite=0xd000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x502e92*, lpNumberOfBytesWritten=0xc9d104*=0xd000, lpOverlapped=0x0) returned 1 [0138.767] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x1de, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc9d194*=0x1de, lpOverlapped=0x0) returned 1 [0138.768] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0138.768] CloseHandle (hObject=0x1b8) returned 1 [0138.771] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0138.775] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5021f0 | out: hHeap=0x430000) returned 1 [0138.775] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7a891e0, ftCreationTime.dwHighDateTime=0x1d9316f, ftLastAccessTime.dwLowDateTime=0xdeaab870, ftLastAccessTime.dwHighDateTime=0x1d93290, ftLastWriteTime.dwLowDateTime=0xdeaab870, ftLastWriteTime.dwHighDateTime=0x1d93290, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fagweFCcJWoKDe1Q", cAlternateFileName="FAGWEF~1")) returned 1 [0138.775] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.776] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.776] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.776] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x440110 [0138.776] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.776] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7a891e0, ftCreationTime.dwHighDateTime=0x1d9316f, ftLastAccessTime.dwLowDateTime=0xdeaab870, ftLastAccessTime.dwHighDateTime=0x1d93290, ftLastWriteTime.dwLowDateTime=0xdeaab870, ftLastWriteTime.dwHighDateTime=0x1d93290, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x556fc3a0, ftCreationTime.dwHighDateTime=0x1d932ce, ftLastAccessTime.dwLowDateTime=0xeda44f0, ftLastAccessTime.dwHighDateTime=0x1d9361c, ftLastWriteTime.dwLowDateTime=0xeda44f0, ftLastWriteTime.dwHighDateTime=0x1d9361c, nFileSizeHigh=0x0, nFileSizeLow=0xb036, dwReserved0=0x0, dwReserved1=0x0, cFileName="9k0JJ5Y1erJl.csv", cAlternateFileName="9K0JJ5~1.CSV")) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.777] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.778] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\9k0JJ5Y1erJl.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\9k0jj5y1erjl.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.778] GetFileType (hFile=0x31c) returned 0x1 [0138.778] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=45110) returned 1 [0138.778] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=45110) returned 1 [0138.778] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.778] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xb036) returned 0x518280 [0138.779] ReadFile (in: hFile=0x31c, lpBuffer=0x518280, nNumberOfBytesToRead=0xb000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x518280*, lpNumberOfBytesRead=0xc9c918*=0xb000, lpOverlapped=0x0) returned 1 [0138.780] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0138.780] ReadFile (in: hFile=0x31c, lpBuffer=0x4d8280, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesRead=0xc9c8a8*=0x36, lpOverlapped=0x0) returned 1 [0138.780] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb040) returned 0x4c3d50 [0138.781] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb040) returned 0x15a0090 [0138.784] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0138.784] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.784] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0138.784] WriteFile (in: hFile=0x31c, lpBuffer=0x15a0d32*, nNumberOfBytesToWrite=0xa000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x15a0d32*, lpNumberOfBytesWritten=0xc9c814*=0xa000, lpOverlapped=0x0) returned 1 [0138.785] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x49e, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc9c8a4*=0x49e, lpOverlapped=0x0) returned 1 [0138.786] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0138.786] CloseHandle (hObject=0x31c) returned 1 [0138.790] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0138.791] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15a0090 | out: hHeap=0x430000) returned 1 [0138.804] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbeb6bda0, ftCreationTime.dwHighDateTime=0x1d92ab3, ftLastAccessTime.dwLowDateTime=0x63aeb9a0, ftLastAccessTime.dwHighDateTime=0x1d930fb, ftLastWriteTime.dwLowDateTime=0x63aeb9a0, ftLastWriteTime.dwHighDateTime=0x1d930fb, nFileSizeHigh=0x0, nFileSizeLow=0x6844, dwReserved0=0x0, dwReserved1=0x0, cFileName="CnmZgLgajw2D.pdf", cAlternateFileName="CNMZGL~1.PDF")) returned 1 [0138.804] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.804] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.804] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.805] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\CnmZgLgajw2D.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\cnmzglgajw2d.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.805] GetFileType (hFile=0x31c) returned 0x1 [0138.805] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=26692) returned 1 [0138.805] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=26692) returned 1 [0138.805] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.805] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x6844) returned 0x526720 [0138.806] ReadFile (in: hFile=0x31c, lpBuffer=0x526720, nNumberOfBytesToRead=0x6000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesRead=0xc9c918*=0x6000, lpOverlapped=0x0) returned 1 [0138.806] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0138.806] ReadFile (in: hFile=0x31c, lpBuffer=0x4d5250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesRead=0xc9c8a8*=0x844, lpOverlapped=0x0) returned 1 [0138.807] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6850) returned 0x518280 [0138.807] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6850) returned 0x4c3d50 [0138.809] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0138.810] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.810] WriteFile (in: hFile=0x31c, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0138.810] WriteFile (in: hFile=0x31c, lpBuffer=0x4c49f2*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x4c49f2*, lpNumberOfBytesWritten=0xc9c814*=0x5000, lpOverlapped=0x0) returned 1 [0138.810] WriteFile (in: hFile=0x31c, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0xcae, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc9c8a4*=0xcae, lpOverlapped=0x0) returned 1 [0138.811] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0138.811] CloseHandle (hObject=0x31c) returned 1 [0138.813] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.813] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0138.814] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd53e17e0, ftCreationTime.dwHighDateTime=0x1d92e09, ftLastAccessTime.dwLowDateTime=0x1f900f80, ftLastAccessTime.dwHighDateTime=0x1d92f34, ftLastWriteTime.dwLowDateTime=0x1f900f80, ftLastWriteTime.dwHighDateTime=0x1d92f34, nFileSizeHigh=0x0, nFileSizeLow=0xaece, dwReserved0=0x0, dwReserved1=0x0, cFileName="F4SU660iGO.pps", cAlternateFileName="F4SU66~1.PPS")) returned 1 [0138.815] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.815] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.815] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.815] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.815] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.815] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.815] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\F4SU660iGO.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\f4su660igo.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.815] GetFileType (hFile=0x31c) returned 0x1 [0138.815] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=44750) returned 1 [0138.816] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=44750) returned 1 [0138.816] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0138.816] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0138.816] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0138.817] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0138.819] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0138.819] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0138.819] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0138.820] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=44750) returned 1 [0138.820] WriteFile (in: hFile=0x31c, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0138.821] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0138.821] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0138.822] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0138.822] CloseHandle (hObject=0x31c) returned 1 [0138.829] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.829] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd030f1c0, ftCreationTime.dwHighDateTime=0x1d9293e, ftLastAccessTime.dwLowDateTime=0x41246490, ftLastAccessTime.dwHighDateTime=0x1d93437, ftLastWriteTime.dwLowDateTime=0x41246490, ftLastWriteTime.dwHighDateTime=0x1d93437, nFileSizeHigh=0x0, nFileSizeLow=0xa879, dwReserved0=0x0, dwReserved1=0x0, cFileName="fn-0 d2Jap.xls", cAlternateFileName="FN-0D2~1.XLS")) returned 1 [0138.829] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.829] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.829] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.829] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.829] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.829] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.830] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\fn-0 d2Jap.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\fn-0 d2jap.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.830] GetFileType (hFile=0x31c) returned 0x1 [0138.830] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=43129) returned 1 [0138.830] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=43129) returned 1 [0138.830] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.831] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xa879) returned 0x518280 [0138.834] ReadFile (in: hFile=0x31c, lpBuffer=0x518280, nNumberOfBytesToRead=0xa000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x518280*, lpNumberOfBytesRead=0xc9c918*=0xa000, lpOverlapped=0x0) returned 1 [0138.834] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0138.834] ReadFile (in: hFile=0x31c, lpBuffer=0x4d4240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesRead=0xc9c8a8*=0x879, lpOverlapped=0x0) returned 1 [0138.835] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa880) returned 0x4c3d50 [0138.836] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa880) returned 0x15a0090 [0138.839] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0138.878] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.878] WriteFile (in: hFile=0x31c, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0138.878] WriteFile (in: hFile=0x31c, lpBuffer=0x15a0d32*, nNumberOfBytesToWrite=0x9000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x15a0d32*, lpNumberOfBytesWritten=0xc9c814*=0x9000, lpOverlapped=0x0) returned 1 [0138.879] WriteFile (in: hFile=0x31c, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0xcde, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9c8a4*=0xcde, lpOverlapped=0x0) returned 1 [0138.879] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0138.879] CloseHandle (hObject=0x31c) returned 1 [0138.882] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0138.883] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15a0090 | out: hHeap=0x430000) returned 1 [0138.885] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0xa70004a3, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.886] GetLastError () returned 0x12 [0138.886] GetLastError () returned 0x12 [0138.886] SetLastError (dwErrCode=0x12) [0138.886] FindClose (in: hFindFile=0x440110 | out: hFindFile=0x440110) returned 1 [0138.886] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0706b00, ftCreationTime.dwHighDateTime=0x1d92835, ftLastAccessTime.dwLowDateTime=0x1f27a210, ftLastAccessTime.dwHighDateTime=0x1d92994, ftLastWriteTime.dwLowDateTime=0x1f27a210, ftLastWriteTime.dwHighDateTime=0x1d92994, nFileSizeHigh=0x0, nFileSizeLow=0x11ea4, dwReserved0=0x0, dwReserved1=0x0, cFileName="hXnTSJr.odp", cAlternateFileName="")) returned 1 [0138.886] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.886] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.886] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.886] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.886] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.886] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.887] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\hXnTSJr.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\hxntsjr.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0138.887] GetFileType (hFile=0x1b8) returned 0x1 [0138.887] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=73380) returned 1 [0138.887] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=73380) returned 1 [0138.887] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0138.888] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0138.888] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0138.889] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0138.890] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0138.891] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0138.891] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0138.891] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=73380) returned 1 [0138.891] WriteFile (in: hFile=0x1b8, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0138.892] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0138.892] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0138.893] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0138.893] CloseHandle (hObject=0x1b8) returned 1 [0138.897] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.897] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66776650, ftCreationTime.dwHighDateTime=0x1d92af7, ftLastAccessTime.dwLowDateTime=0x678d4a30, ftLastAccessTime.dwHighDateTime=0x1d93139, ftLastWriteTime.dwLowDateTime=0x678d4a30, ftLastWriteTime.dwHighDateTime=0x1d93139, nFileSizeHigh=0x0, nFileSizeLow=0x917d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vh2glqLH1V.xls", cAlternateFileName="VH2GLQ~1.XLS")) returned 1 [0138.897] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.897] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.897] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.897] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.897] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.897] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.898] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\Vh2glqLH1V.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\vh2glqlh1v.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0138.898] GetFileType (hFile=0x1b8) returned 0x1 [0138.898] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=37245) returned 1 [0138.898] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=37245) returned 1 [0138.898] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0138.899] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x917d) returned 0x518280 [0138.900] ReadFile (in: hFile=0x1b8, lpBuffer=0x518280, nNumberOfBytesToRead=0x9000, lpNumberOfBytesRead=0xc9d208, lpOverlapped=0x0 | out: lpBuffer=0x518280*, lpNumberOfBytesRead=0xc9d208*=0x9000, lpOverlapped=0x0) returned 1 [0138.900] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0138.901] ReadFile (in: hFile=0x1b8, lpBuffer=0x4d4240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesRead=0xc9d198*=0x17d, lpOverlapped=0x0) returned 1 [0138.901] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x9180) returned 0x4c3d50 [0138.902] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x9180) returned 0x15a0090 [0138.905] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0138.905] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0138.905] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0d4, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9d0d4*=0x1000, lpOverlapped=0x0) returned 1 [0138.906] WriteFile (in: hFile=0x1b8, lpBuffer=0x15a0d32*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0xc9d104, lpOverlapped=0x0 | out: lpBuffer=0x15a0d32*, lpNumberOfBytesWritten=0xc9d104*=0x8000, lpOverlapped=0x0) returned 1 [0138.906] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x5de, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9d194*=0x5de, lpOverlapped=0x0) returned 1 [0138.907] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0138.907] CloseHandle (hObject=0x1b8) returned 1 [0138.910] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0138.910] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15a0090 | out: hHeap=0x430000) returned 1 [0138.912] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47fd1d10, ftCreationTime.dwHighDateTime=0x1d92df8, ftLastAccessTime.dwLowDateTime=0xfcfb8530, ftLastAccessTime.dwHighDateTime=0x1d92e25, ftLastWriteTime.dwLowDateTime=0xfcfb8530, ftLastWriteTime.dwHighDateTime=0x1d92e25, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="W5M-", cAlternateFileName="")) returned 1 [0138.912] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.912] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.913] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.913] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0138.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0138.913] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x43fe70 [0138.913] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.913] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.914] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.914] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47fd1d10, ftCreationTime.dwHighDateTime=0x1d92df8, ftLastAccessTime.dwLowDateTime=0xfcfb8530, ftLastAccessTime.dwHighDateTime=0x1d92e25, ftLastWriteTime.dwLowDateTime=0xfcfb8530, ftLastWriteTime.dwHighDateTime=0x1d92e25, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.914] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.914] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.914] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.914] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebed6660, ftCreationTime.dwHighDateTime=0x1d93329, ftLastAccessTime.dwLowDateTime=0x5c56e9c0, ftLastAccessTime.dwHighDateTime=0x1d93600, ftLastWriteTime.dwLowDateTime=0x5c56e9c0, ftLastWriteTime.dwHighDateTime=0x1d93600, nFileSizeHigh=0x0, nFileSizeLow=0x1688b, dwReserved0=0x0, dwReserved1=0x0, cFileName="gMxI3jBTRFbiX9pWbXu.docx", cAlternateFileName="GMXI3J~1.DOC")) returned 1 [0138.914] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.914] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.915] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.915] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.915] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.915] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\gMxI3jBTRFbiX9pWbXu.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\gmxi3jbtrfbix9pwbxu.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.915] GetFileType (hFile=0x31c) returned 0x1 [0138.915] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=92299) returned 1 [0138.916] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=92299) returned 1 [0138.916] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.916] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x1688b) returned 0x48cf50 [0138.921] ReadFile (in: hFile=0x31c, lpBuffer=0x48cf50, nNumberOfBytesToRead=0x16000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x48cf50*, lpNumberOfBytesRead=0xc9c918*=0x16000, lpOverlapped=0x0) returned 1 [0138.922] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0138.922] ReadFile (in: hFile=0x31c, lpBuffer=0x4d2220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesRead=0xc9c8a8*=0x88b, lpOverlapped=0x0) returned 1 [0138.922] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x16890) returned 0x15bccc0 [0138.925] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x16890) returned 0x15d3560 [0138.930] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bccc0 | out: hHeap=0x430000) returned 1 [0138.930] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.930] WriteFile (in: hFile=0x31c, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0138.930] WriteFile (in: hFile=0x31c, lpBuffer=0x15d4202*, nNumberOfBytesToWrite=0x15000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x15d4202*, lpNumberOfBytesWritten=0xc9c814*=0x15000, lpOverlapped=0x0) returned 1 [0138.931] WriteFile (in: hFile=0x31c, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0xcee, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9c8a4*=0xcee, lpOverlapped=0x0) returned 1 [0138.932] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0138.932] CloseHandle (hObject=0x31c) returned 1 [0138.937] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0138.940] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15d3560 | out: hHeap=0x430000) returned 1 [0138.942] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90afc370, ftCreationTime.dwHighDateTime=0x1d9353f, ftLastAccessTime.dwLowDateTime=0x10ae90d0, ftLastAccessTime.dwHighDateTime=0x1d9354d, ftLastWriteTime.dwLowDateTime=0x10ae90d0, ftLastWriteTime.dwHighDateTime=0x1d9354d, nFileSizeHigh=0x0, nFileSizeLow=0x14640, dwReserved0=0x0, dwReserved1=0x0, cFileName="MxzwvznxGUpfEWUPt7.odt", cAlternateFileName="MXZWVZ~1.ODT")) returned 1 [0138.942] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.942] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.942] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.942] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.942] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.942] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.942] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\MxzwvznxGUpfEWUPt7.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\mxzwvznxgupfewupt7.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.943] GetFileType (hFile=0x31c) returned 0x1 [0138.943] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=83520) returned 1 [0138.943] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=83520) returned 1 [0138.943] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0138.944] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0138.944] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0138.945] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0138.946] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0138.946] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0138.947] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0138.947] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=83520) returned 1 [0138.947] WriteFile (in: hFile=0x31c, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0138.949] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0138.949] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0138.949] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0138.950] CloseHandle (hObject=0x31c) returned 1 [0138.954] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0138.954] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9314a6f0, ftCreationTime.dwHighDateTime=0x1d92ba6, ftLastAccessTime.dwLowDateTime=0xd660a5e0, ftLastAccessTime.dwHighDateTime=0x1d92dbc, ftLastWriteTime.dwLowDateTime=0xd660a5e0, ftLastWriteTime.dwHighDateTime=0x1d92dbc, nFileSizeHigh=0x0, nFileSizeLow=0x201f, dwReserved0=0x0, dwReserved1=0x0, cFileName="RkyCu.xls", cAlternateFileName="")) returned 1 [0138.954] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.954] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.954] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.955] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.955] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.955] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.955] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\RkyCu.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\rkycu.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.955] GetFileType (hFile=0x31c) returned 0x1 [0138.955] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=8223) returned 1 [0138.956] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=8223) returned 1 [0138.956] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.956] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x201f) returned 0x15b58c0 [0138.956] ReadFile (in: hFile=0x31c, lpBuffer=0x15b58c0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x15b58c0*, lpNumberOfBytesRead=0xc9c918*=0x2000, lpOverlapped=0x0) returned 1 [0138.957] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0138.957] ReadFile (in: hFile=0x31c, lpBuffer=0x4d8280, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesRead=0xc9c8a8*=0x1f, lpOverlapped=0x0) returned 1 [0138.957] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2020) returned 0x4ba7e0 [0138.957] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x2020) returned 0x4bc810 [0138.958] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0138.958] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.958] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0138.958] WriteFile (in: hFile=0x31c, lpBuffer=0x4bd4b2*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x4bd4b2*, lpNumberOfBytesWritten=0xc9c814*=0x1000, lpOverlapped=0x0) returned 1 [0138.959] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x47e, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc9c8a4*=0x47e, lpOverlapped=0x0) returned 1 [0138.959] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0138.959] CloseHandle (hObject=0x31c) returned 1 [0138.961] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0138.961] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4bc810 | out: hHeap=0x430000) returned 1 [0138.961] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76233320, ftCreationTime.dwHighDateTime=0x1d930c1, ftLastAccessTime.dwLowDateTime=0x5e6e5cc0, ftLastAccessTime.dwHighDateTime=0x1d934bb, ftLastWriteTime.dwLowDateTime=0x5e6e5cc0, ftLastWriteTime.dwHighDateTime=0x1d934bb, nFileSizeHigh=0x0, nFileSizeLow=0x113a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="xsz6r2s1m.pdf", cAlternateFileName="XSZ6R2~1.PDF")) returned 1 [0138.962] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.962] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.962] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.962] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.962] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0138.962] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0138.962] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\xsz6r2s1m.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\xsz6r2s1m.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9c818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0138.962] GetFileType (hFile=0x31c) returned 0x1 [0138.963] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9c9a8*=70568) returned 1 [0138.963] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9c958*=70568) returned 1 [0138.963] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0138.963] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x113a8) returned 0x5021f0 [0139.128] ReadFile (in: hFile=0x31c, lpBuffer=0x5021f0, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0xc9c918, lpOverlapped=0x0 | out: lpBuffer=0x5021f0*, lpNumberOfBytesRead=0xc9c918*=0x11000, lpOverlapped=0x0) returned 1 [0139.129] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0139.129] ReadFile (in: hFile=0x31c, lpBuffer=0x4d9290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9c8a8, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesRead=0xc9c8a8*=0x3a8, lpOverlapped=0x0) returned 1 [0139.130] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x113b0) returned 0x48cf50 [0139.131] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x113b0) returned 0x49e310 [0139.136] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0139.136] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc9c9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9c9a8*=0) returned 1 [0139.136] WriteFile (in: hFile=0x31c, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9c7e4, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc9c7e4*=0x1000, lpOverlapped=0x0) returned 1 [0139.137] WriteFile (in: hFile=0x31c, lpBuffer=0x49efb2*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0xc9c814, lpOverlapped=0x0 | out: lpBuffer=0x49efb2*, lpNumberOfBytesWritten=0xc9c814*=0x10000, lpOverlapped=0x0) returned 1 [0139.137] WriteFile (in: hFile=0x31c, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x80e, lpNumberOfBytesWritten=0xc9c8a4, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc9c8a4*=0x80e, lpOverlapped=0x0) returned 1 [0139.138] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0139.138] CloseHandle (hObject=0x31c) returned 1 [0139.142] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5021f0 | out: hHeap=0x430000) returned 1 [0139.145] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x49e310 | out: hHeap=0x430000) returned 1 [0139.147] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0xa20805af, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.147] GetLastError () returned 0x12 [0139.147] GetLastError () returned 0x12 [0139.147] SetLastError (dwErrCode=0x12) [0139.147] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0139.147] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a1e3230, ftCreationTime.dwHighDateTime=0x1d92d64, ftLastAccessTime.dwLowDateTime=0x1bd72fd0, ftLastAccessTime.dwHighDateTime=0x1d92e7c, ftLastWriteTime.dwLowDateTime=0x1bd72fd0, ftLastWriteTime.dwHighDateTime=0x1d92e7c, nFileSizeHigh=0x0, nFileSizeLow=0xf16, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8N8SHV2.ots", cAlternateFileName="")) returned 1 [0139.147] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.147] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.147] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.147] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.148] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.148] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.148] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\y8N8SHV2.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\y8n8shv2.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.148] GetFileType (hFile=0x1b8) returned 0x1 [0139.148] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=3862) returned 1 [0139.148] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=3862) returned 1 [0139.149] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.149] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0xf16, lpOverlapped=0x0) returned 1 [0139.149] ReadFile (in: hFile=0x1b8, lpBuffer=0xc94236, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc94236*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0139.149] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf20) returned 0x461a90 [0139.149] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xf20) returned 0x453740 [0139.150] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x461a90 | out: hHeap=0x430000) returned 1 [0139.150] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.150] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.151] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0139.164] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0139.164] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc92f74, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc92f74*=0x1000, lpOverlapped=0x0) returned 1 [0139.165] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x20, lpOverlapped=0x0) returned 1 [0139.166] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0139.166] CloseHandle (hObject=0x1b8) returned 1 [0139.169] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453740 | out: hHeap=0x430000) returned 1 [0139.169] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.169] GetLastError () returned 0x12 [0139.169] GetLastError () returned 0x12 [0139.169] SetLastError (dwErrCode=0x12) [0139.169] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0139.169] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3e1a810, ftCreationTime.dwHighDateTime=0x1d92941, ftLastAccessTime.dwLowDateTime=0xc5349a80, ftLastAccessTime.dwHighDateTime=0x1d92cfc, ftLastWriteTime.dwLowDateTime=0xc5349a80, ftLastWriteTime.dwHighDateTime=0x1d92cfc, nFileSizeHigh=0x0, nFileSizeLow=0xaa9a, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="lxly.ots", cAlternateFileName="")) returned 1 [0139.169] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.169] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.170] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.170] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.170] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.170] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.170] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\lxly.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lxly.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.170] GetFileType (hFile=0x2e4) returned 0x1 [0139.170] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=43674) returned 1 [0139.171] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=43674) returned 1 [0139.171] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.171] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0139.171] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.172] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0139.174] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.174] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.174] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.174] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=43674) returned 1 [0139.174] WriteFile (in: hFile=0x2e4, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.175] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0139.175] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0139.178] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0139.178] CloseHandle (hObject=0x2e4) returned 1 [0139.182] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.182] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0139.182] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.182] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.182] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.182] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.183] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.183] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.183] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0xffffffffffffffff [0139.183] GetLastError () returned 0x5 [0139.183] GetLastError () returned 0x5 [0139.183] SetLastError (dwErrCode=0x5) [0139.183] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0139.183] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.183] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.183] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.184] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.184] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.184] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.184] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0xffffffffffffffff [0139.184] GetLastError () returned 0x5 [0139.184] GetLastError () returned 0x5 [0139.184] SetLastError (dwErrCode=0x5) [0139.184] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0139.184] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.184] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.184] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.184] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.184] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.184] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.185] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0xffffffffffffffff [0139.185] GetLastError () returned 0x5 [0139.185] GetLastError () returned 0x5 [0139.185] SetLastError (dwErrCode=0x5) [0139.185] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x839084fb, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x839084fb, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0139.185] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.185] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.185] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.185] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.185] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.185] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.185] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fdb0 [0139.186] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.186] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.186] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.186] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.186] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.186] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.186] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x839084fb, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x886727b4, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.186] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.186] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.186] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.186] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.186] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.186] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.187] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x8866b39a, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="achoo@gdllo.de.pst", cAlternateFileName="ACHOO@~1.PST")) returned 1 [0139.187] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.187] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.187] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.187] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.187] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.187] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.187] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.187] GetFileType (hFile=0x1b8) returned 0x1 [0139.188] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=271360) returned 1 [0139.188] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=271360) returned 1 [0139.188] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.188] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.191] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.191] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0139.193] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.193] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.193] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.193] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=271360) returned 1 [0139.193] WriteFile (in: hFile=0x1b8, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.201] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0139.201] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.201] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0139.201] CloseHandle (hObject=0x1b8) returned 1 [0139.212] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.212] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.212] GetLastError () returned 0x12 [0139.212] GetLastError () returned 0x12 [0139.212] SetLastError (dwErrCode=0x12) [0139.212] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0139.212] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99eef280, ftCreationTime.dwHighDateTime=0x1d8f124, ftLastAccessTime.dwLowDateTime=0x910f0530, ftLastAccessTime.dwHighDateTime=0x1d90220, ftLastWriteTime.dwLowDateTime=0x910f0530, ftLastWriteTime.dwHighDateTime=0x1d90220, nFileSizeHigh=0x0, nFileSizeLow=0x14634, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PzvzVyFhA-dtE.docx", cAlternateFileName="PZVZVY~1.DOC")) returned 1 [0139.212] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.212] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.212] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.212] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.213] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.213] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.213] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\PzvzVyFhA-dtE.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\pzvzvyfha-dte.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.213] GetFileType (hFile=0x2e4) returned 0x1 [0139.214] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=83508) returned 1 [0139.214] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=83508) returned 1 [0139.214] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.214] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x14634) returned 0x48cf50 [0139.217] ReadFile (in: hFile=0x2e4, lpBuffer=0x48cf50, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x48cf50*, lpNumberOfBytesRead=0xc9daf8*=0x14000, lpOverlapped=0x0) returned 1 [0139.218] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0139.218] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d2220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesRead=0xc9da88*=0x634, lpOverlapped=0x0) returned 1 [0139.218] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x14640) returned 0x15bccc0 [0139.220] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x14640) returned 0x15d1310 [0139.225] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bccc0 | out: hHeap=0x430000) returned 1 [0139.225] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.225] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.226] WriteFile (in: hFile=0x2e4, lpBuffer=0x15d1fb2*, nNumberOfBytesToWrite=0x13000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x15d1fb2*, lpNumberOfBytesWritten=0xc9d9f4*=0x13000, lpOverlapped=0x0) returned 1 [0139.226] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0xa9e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9da84*=0xa9e, lpOverlapped=0x0) returned 1 [0139.227] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0139.227] CloseHandle (hObject=0x2e4) returned 1 [0139.272] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0139.276] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15d1310 | out: hHeap=0x430000) returned 1 [0139.278] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f32f10, ftCreationTime.dwHighDateTime=0x1d8f703, ftLastAccessTime.dwLowDateTime=0x27d19680, ftLastAccessTime.dwHighDateTime=0x1d8ff16, ftLastWriteTime.dwLowDateTime=0x27d19680, ftLastWriteTime.dwHighDateTime=0x1d8ff16, nFileSizeHigh=0x0, nFileSizeLow=0xeb7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SCTYy9mjk3.docx", cAlternateFileName="SCTYY9~1.DOC")) returned 1 [0139.278] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.278] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.278] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.278] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.279] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.279] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.279] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\SCTYy9mjk3.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sctyy9mjk3.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.279] GetFileType (hFile=0x2e4) returned 0x1 [0139.279] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=60286) returned 1 [0139.279] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=60286) returned 1 [0139.280] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.280] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xeb7e) returned 0x15a0090 [0139.281] ReadFile (in: hFile=0x2e4, lpBuffer=0x15a0090, nNumberOfBytesToRead=0xe000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x15a0090*, lpNumberOfBytesRead=0xc9daf8*=0xe000, lpOverlapped=0x0) returned 1 [0139.282] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0139.282] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d4240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesRead=0xc9da88*=0xb7e, lpOverlapped=0x0) returned 1 [0139.282] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xeb80) returned 0x5021f0 [0139.283] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xeb80) returned 0x48cf50 [0139.288] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5021f0 | out: hHeap=0x430000) returned 1 [0139.288] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.288] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.289] WriteFile (in: hFile=0x2e4, lpBuffer=0x48dbf2*, nNumberOfBytesToWrite=0xd000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x48dbf2*, lpNumberOfBytesWritten=0xc9d9f4*=0xd000, lpOverlapped=0x0) returned 1 [0139.289] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0xfde, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc9da84*=0xfde, lpOverlapped=0x0) returned 1 [0139.291] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0139.291] CloseHandle (hObject=0x2e4) returned 1 [0139.297] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15a0090 | out: hHeap=0x430000) returned 1 [0139.299] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0139.300] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5575a530, ftCreationTime.dwHighDateTime=0x1d8d064, ftLastAccessTime.dwLowDateTime=0x9226fc30, ftLastAccessTime.dwHighDateTime=0x1d8e163, ftLastWriteTime.dwLowDateTime=0x9226fc30, ftLastWriteTime.dwHighDateTime=0x1d8e163, nFileSizeHigh=0x0, nFileSizeLow=0x6b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="sswTI.pptx", cAlternateFileName="SSWTI~1.PPT")) returned 1 [0139.300] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.300] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.300] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.300] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.301] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.301] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.301] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sswTI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sswti.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.301] GetFileType (hFile=0x2e4) returned 0x1 [0139.301] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=27426) returned 1 [0139.301] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=27426) returned 1 [0139.301] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.301] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x6b22) returned 0x526720 [0139.302] ReadFile (in: hFile=0x2e4, lpBuffer=0x526720, nNumberOfBytesToRead=0x6000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesRead=0xc9daf8*=0x6000, lpOverlapped=0x0) returned 1 [0139.302] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0139.303] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d5250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesRead=0xc9da88*=0xb22, lpOverlapped=0x0) returned 1 [0139.303] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6b30) returned 0x518280 [0139.303] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x6b30) returned 0x4c3d50 [0139.305] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0139.305] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.306] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.306] WriteFile (in: hFile=0x2e4, lpBuffer=0x4c49f2*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x4c49f2*, lpNumberOfBytesWritten=0xc9d9f4*=0x5000, lpOverlapped=0x0) returned 1 [0139.306] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0xf8e, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc9da84*=0xf8e, lpOverlapped=0x0) returned 1 [0139.307] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0139.307] CloseHandle (hObject=0x2e4) returned 1 [0139.353] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.353] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0139.357] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf301980, ftCreationTime.dwHighDateTime=0x1d92f79, ftLastAccessTime.dwLowDateTime=0x28fecb60, ftLastAccessTime.dwHighDateTime=0x1d93399, ftLastWriteTime.dwLowDateTime=0x28fecb60, ftLastWriteTime.dwHighDateTime=0x1d93399, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uu2MHcR ne4f5 jN", cAlternateFileName="UU2MHC~1")) returned 1 [0139.357] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.357] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.357] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.357] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.358] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.358] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.358] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fdb0 [0139.358] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.358] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.358] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.358] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.358] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.358] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.358] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf301980, ftCreationTime.dwHighDateTime=0x1d92f79, ftLastAccessTime.dwLowDateTime=0x28fecb60, ftLastAccessTime.dwHighDateTime=0x1d93399, ftLastWriteTime.dwLowDateTime=0x28fecb60, ftLastWriteTime.dwHighDateTime=0x1d93399, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.358] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.358] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.358] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.359] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.359] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4826ae20, ftCreationTime.dwHighDateTime=0x1d93166, ftLastAccessTime.dwLowDateTime=0xe63553f0, ftLastAccessTime.dwHighDateTime=0x1d934e5, ftLastWriteTime.dwLowDateTime=0xe63553f0, ftLastWriteTime.dwHighDateTime=0x1d934e5, nFileSizeHigh=0x0, nFileSizeLow=0x14223, dwReserved0=0x0, dwReserved1=0x0, cFileName="ejbo2.odt", cAlternateFileName="")) returned 1 [0139.359] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.359] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.359] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.359] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\ejbo2.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\ejbo2.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.360] GetFileType (hFile=0x1b8) returned 0x1 [0139.360] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=82467) returned 1 [0139.360] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=82467) returned 1 [0139.360] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.361] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.361] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.361] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0139.363] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.363] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.363] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.364] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=82467) returned 1 [0139.364] WriteFile (in: hFile=0x1b8, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.364] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0139.364] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.365] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0139.365] CloseHandle (hObject=0x1b8) returned 1 [0139.370] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.372] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f957c0, ftCreationTime.dwHighDateTime=0x1d927cb, ftLastAccessTime.dwLowDateTime=0x54879b00, ftLastAccessTime.dwHighDateTime=0x1d92e43, ftLastWriteTime.dwLowDateTime=0x54879b00, ftLastWriteTime.dwHighDateTime=0x1d92e43, nFileSizeHigh=0x0, nFileSizeLow=0x14c3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NGki7I1lYyPGQLmPou.ots", cAlternateFileName="NGKI7I~1.OTS")) returned 1 [0139.372] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.372] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.372] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.372] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.372] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.372] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.373] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\NGki7I1lYyPGQLmPou.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\ngki7i1lyypgqlmpou.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.373] GetFileType (hFile=0x1b8) returned 0x1 [0139.373] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=85053) returned 1 [0139.373] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=85053) returned 1 [0139.373] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.373] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.374] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.374] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0139.375] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.375] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.375] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.375] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=85053) returned 1 [0139.375] WriteFile (in: hFile=0x1b8, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.376] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0139.376] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.376] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0139.377] CloseHandle (hObject=0x1b8) returned 1 [0139.381] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.381] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2473dbd0, ftCreationTime.dwHighDateTime=0x1d92642, ftLastAccessTime.dwLowDateTime=0x15a08f30, ftLastAccessTime.dwHighDateTime=0x1d93093, ftLastWriteTime.dwLowDateTime=0x15a08f30, ftLastWriteTime.dwHighDateTime=0x1d93093, nFileSizeHigh=0x0, nFileSizeLow=0xc5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="zLTL9eQH4Dtg.xlsx", cAlternateFileName="ZLTL9E~1.XLS")) returned 1 [0139.381] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.381] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.381] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.381] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.381] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.381] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.381] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\zLTL9eQH4Dtg.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\zltl9eqh4dtg.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.382] GetFileType (hFile=0x1b8) returned 0x1 [0139.382] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9d298*=3163) returned 1 [0139.382] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9d248*=3163) returned 1 [0139.382] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0139.382] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0xc5b) returned 0x453740 [0139.382] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0139.382] ReadFile (in: hFile=0x1b8, lpBuffer=0x4d7270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9d198, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesRead=0xc9d198*=0xc5b, lpOverlapped=0x0) returned 1 [0139.382] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xc60) returned 0x462ff0 [0139.382] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xc60) returned 0x15b3760 [0139.383] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0139.383] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc9d298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9d298*=0) returned 1 [0139.383] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d0a4, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc9d0a4*=0x1000, lpOverlapped=0x0) returned 1 [0139.383] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0xbe, lpNumberOfBytesWritten=0xc9d194, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc9d194*=0xbe, lpOverlapped=0x0) returned 1 [0139.397] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0139.397] CloseHandle (hObject=0x1b8) returned 1 [0139.399] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453740 | out: hHeap=0x430000) returned 1 [0139.400] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b3760 | out: hHeap=0x430000) returned 1 [0139.400] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x4e00004e, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x1083831, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.400] GetLastError () returned 0x12 [0139.400] GetLastError () returned 0x12 [0139.400] SetLastError (dwErrCode=0x12) [0139.400] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0139.400] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a5ecf30, ftCreationTime.dwHighDateTime=0x1d92502, ftLastAccessTime.dwLowDateTime=0x8f2a2760, ftLastAccessTime.dwHighDateTime=0x1d92866, ftLastWriteTime.dwLowDateTime=0x8f2a2760, ftLastWriteTime.dwHighDateTime=0x1d92866, nFileSizeHigh=0x0, nFileSizeLow=0x8169, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQUodEcA-ws.docx", cAlternateFileName="WQUODE~1.DOC")) returned 1 [0139.400] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.400] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.400] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.400] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.400] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.400] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.401] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WQUodEcA-ws.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wquodeca-ws.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.403] GetFileType (hFile=0x2e4) returned 0x1 [0139.403] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=33129) returned 1 [0139.403] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=33129) returned 1 [0139.403] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.403] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x8169) returned 0x526720 [0139.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x526720, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesRead=0xc9daf8*=0x8000, lpOverlapped=0x0) returned 1 [0139.404] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0139.404] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d2220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesRead=0xc9da88*=0x169, lpOverlapped=0x0) returned 1 [0139.404] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8170) returned 0x518280 [0139.405] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x8170) returned 0x4c3d50 [0139.407] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x518280 | out: hHeap=0x430000) returned 1 [0139.407] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.408] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.408] WriteFile (in: hFile=0x2e4, lpBuffer=0x4c49f2*, nNumberOfBytesToWrite=0x7000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x4c49f2*, lpNumberOfBytesWritten=0xc9d9f4*=0x7000, lpOverlapped=0x0) returned 1 [0139.408] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x5ce, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc9da84*=0x5ce, lpOverlapped=0x0) returned 1 [0139.409] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0139.409] CloseHandle (hObject=0x2e4) returned 1 [0139.412] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.413] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4c3d50 | out: hHeap=0x430000) returned 1 [0139.414] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8fc48b0, ftCreationTime.dwHighDateTime=0x1d92874, ftLastAccessTime.dwLowDateTime=0x1fdd4bd0, ftLastAccessTime.dwHighDateTime=0x1d92b68, ftLastWriteTime.dwLowDateTime=0x1fdd4bd0, ftLastWriteTime.dwHighDateTime=0x1d92b68, nFileSizeHigh=0x0, nFileSizeLow=0x568, dwReserved0=0x0, dwReserved1=0x0, cFileName="xmqtd.rtf", cAlternateFileName="")) returned 1 [0139.414] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.414] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.414] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.414] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.414] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.414] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.415] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xmqtd.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xmqtd.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.415] GetFileType (hFile=0x2e4) returned 0x1 [0139.415] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=1384) returned 1 [0139.415] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=1384) returned 1 [0139.415] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.415] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x568, lpOverlapped=0x0) returned 1 [0139.416] ReadFile (in: hFile=0x2e4, lpBuffer=0xc94178, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc94178*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.416] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x570) returned 0x15ba0a0 [0139.416] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x570) returned 0x475e20 [0139.416] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ba0a0 | out: hHeap=0x430000) returned 1 [0139.417] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.417] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.418] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.418] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0139.418] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x670, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93954*=0x670, lpOverlapped=0x0) returned 1 [0139.419] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0139.419] CloseHandle (hObject=0x2e4) returned 1 [0139.421] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x475e20 | out: hHeap=0x430000) returned 1 [0139.421] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcaa2b40, ftCreationTime.dwHighDateTime=0x1d8c2f7, ftLastAccessTime.dwLowDateTime=0x6315f3d0, ftLastAccessTime.dwHighDateTime=0x1d8f007, ftLastWriteTime.dwLowDateTime=0x6315f3d0, ftLastWriteTime.dwHighDateTime=0x1d8f007, nFileSizeHigh=0x0, nFileSizeLow=0x16645, dwReserved0=0x0, dwReserved1=0x0, cFileName="XWr5dH0Ij.pptx", cAlternateFileName="XWR5DH~1.PPT")) returned 1 [0139.421] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.421] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.422] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.422] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.422] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XWr5dH0Ij.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xwr5dh0ij.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc9d9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.422] GetFileType (hFile=0x2e4) returned 0x1 [0139.422] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc9db88*=91717) returned 1 [0139.422] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc9db38*=91717) returned 1 [0139.422] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.423] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x16645) returned 0x48cf50 [0139.425] ReadFile (in: hFile=0x2e4, lpBuffer=0x48cf50, nNumberOfBytesToRead=0x16000, lpNumberOfBytesRead=0xc9daf8, lpOverlapped=0x0 | out: lpBuffer=0x48cf50*, lpNumberOfBytesRead=0xc9daf8*=0x16000, lpOverlapped=0x0) returned 1 [0139.426] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0139.426] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d3230, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc9da88, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesRead=0xc9da88*=0x645, lpOverlapped=0x0) returned 1 [0139.426] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x16650) returned 0x15bccc0 [0139.429] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x16650) returned 0x15d3320 [0139.437] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bccc0 | out: hHeap=0x430000) returned 1 [0139.437] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc9db88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc9db88*=0) returned 1 [0139.437] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc9d9c4, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9d9c4*=0x1000, lpOverlapped=0x0) returned 1 [0139.438] WriteFile (in: hFile=0x2e4, lpBuffer=0x15d3fc2*, nNumberOfBytesToWrite=0x15000, lpNumberOfBytesWritten=0xc9d9f4, lpOverlapped=0x0 | out: lpBuffer=0x15d3fc2*, lpNumberOfBytesWritten=0xc9d9f4*=0x15000, lpOverlapped=0x0) returned 1 [0139.438] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0xaae, lpNumberOfBytesWritten=0xc9da84, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc9da84*=0xaae, lpOverlapped=0x0) returned 1 [0139.440] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0139.440] CloseHandle (hObject=0x2e4) returned 1 [0139.445] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x48cf50 | out: hHeap=0x430000) returned 1 [0139.450] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15d3320 | out: hHeap=0x430000) returned 1 [0139.452] FindNextFileW (in: hFindFile=0x438e40, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x66080b65, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.452] GetLastError () returned 0x12 [0139.452] GetLastError () returned 0x12 [0139.452] SetLastError (dwErrCode=0x12) [0139.452] FindClose (in: hFindFile=0x438e40 | out: hFindFile=0x438e40) returned 1 [0139.452] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0139.452] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.453] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.453] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.453] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.453] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.453] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.453] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0139.453] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.453] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.453] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.453] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.454] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.454] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.454] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.454] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.454] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.454] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.454] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.454] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.454] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.454] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0139.454] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.454] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.455] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.455] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.455] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.455] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.455] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.455] GetFileType (hFile=0x2e4) returned 0x1 [0139.455] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=282) returned 1 [0139.456] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=282) returned 1 [0139.456] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.456] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x11a, lpOverlapped=0x0) returned 1 [0139.457] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93d2a, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93d2a*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.457] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x120) returned 0x15bc2f0 [0139.457] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x120) returned 0x15bbd00 [0139.458] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bc2f0 | out: hHeap=0x430000) returned 1 [0139.458] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.458] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.460] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.460] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0139.461] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x220, lpOverlapped=0x0) returned 1 [0139.462] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0139.462] CloseHandle (hObject=0x2e4) returned 1 [0139.466] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bbd00 | out: hHeap=0x430000) returned 1 [0139.466] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.466] GetLastError () returned 0x12 [0139.466] GetLastError () returned 0x12 [0139.466] SetLastError (dwErrCode=0x12) [0139.466] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0139.467] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0139.467] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.467] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.467] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.467] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0139.467] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.468] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.468] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.469] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.469] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.469] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.469] GetFileType (hFile=0x2e4) returned 0x1 [0139.469] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=208) returned 1 [0139.469] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=208) returned 1 [0139.469] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.470] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0xd0, lpOverlapped=0x0) returned 1 [0139.492] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93ce0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93ce0*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.492] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe0) returned 0x523a70 [0139.492] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xe0) returned 0x524880 [0139.492] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x523a70 | out: hHeap=0x430000) returned 1 [0139.492] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.492] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.495] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.496] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0139.496] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x1e0, lpOverlapped=0x0) returned 1 [0139.497] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0139.497] CloseHandle (hObject=0x2e4) returned 1 [0139.499] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x524880 | out: hHeap=0x430000) returned 1 [0139.499] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0139.499] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.499] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.499] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.499] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.500] GetFileType (hFile=0x2e4) returned 0x1 [0139.500] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=402) returned 1 [0139.500] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=402) returned 1 [0139.500] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.500] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x192, lpOverlapped=0x0) returned 1 [0139.501] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93da2, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93da2*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.501] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1a0) returned 0x4749a0 [0139.501] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1a0) returned 0x4759a0 [0139.502] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4749a0 | out: hHeap=0x430000) returned 1 [0139.502] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.502] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.503] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.503] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0139.504] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x2a0, lpOverlapped=0x0) returned 1 [0139.504] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0139.504] CloseHandle (hObject=0x2e4) returned 1 [0139.507] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4759a0 | out: hHeap=0x430000) returned 1 [0139.507] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0139.507] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.507] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.507] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.507] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.507] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0139.508] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.508] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.508] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.508] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.508] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.508] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.508] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.508] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.508] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.508] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.508] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.509] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.509] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.509] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0139.509] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.509] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.509] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.509] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.509] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.509] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.509] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.510] GetFileType (hFile=0x1b8) returned 0x1 [0139.510] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=80) returned 1 [0139.510] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=80) returned 1 [0139.513] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.513] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x50, lpOverlapped=0x0) returned 1 [0139.515] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93370, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93370*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0139.515] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x60) returned 0x15b90e0 [0139.515] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x60) returned 0x15b9380 [0139.515] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b90e0 | out: hHeap=0x430000) returned 1 [0139.515] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.516] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.518] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0139.518] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0139.518] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93064*=0x160, lpOverlapped=0x0) returned 1 [0139.519] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0139.519] CloseHandle (hObject=0x1b8) returned 1 [0139.521] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b9380 | out: hHeap=0x430000) returned 1 [0139.521] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.522] GetLastError () returned 0x12 [0139.522] GetLastError () returned 0x12 [0139.522] SetLastError (dwErrCode=0x12) [0139.522] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0139.522] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="翸")) returned 0 [0139.522] GetLastError () returned 0x12 [0139.522] GetLastError () returned 0x12 [0139.522] SetLastError (dwErrCode=0x12) [0139.522] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0139.522] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Links", cAlternateFileName="")) returned 1 [0139.522] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.522] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.522] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.522] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.523] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.523] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.523] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0139.523] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.523] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.523] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.523] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.523] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.523] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.524] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.524] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.524] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.524] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.524] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.524] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.524] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.524] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0139.524] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.524] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.524] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.524] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.525] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.525] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.525] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.525] GetFileType (hFile=0x2e4) returned 0x1 [0139.525] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=504) returned 1 [0139.525] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=504) returned 1 [0139.526] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.526] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x1f8, lpOverlapped=0x0) returned 1 [0139.527] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93e08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93e08*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.527] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4759a0 [0139.527] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4749a0 [0139.528] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4759a0 | out: hHeap=0x430000) returned 1 [0139.528] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.528] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.530] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.530] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0139.530] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93954*=0x300, lpOverlapped=0x0) returned 1 [0139.531] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0139.531] CloseHandle (hObject=0x2e4) returned 1 [0139.534] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4749a0 | out: hHeap=0x430000) returned 1 [0139.534] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x207, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0139.534] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.534] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.534] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.534] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.534] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.534] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.535] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.610] GetFileType (hFile=0x2e4) returned 0x1 [0139.610] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=519) returned 1 [0139.610] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=519) returned 1 [0139.611] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.611] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x207, lpOverlapped=0x0) returned 1 [0139.612] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93e17, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93e17*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.612] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x210) returned 0x5172c0 [0139.612] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x210) returned 0x517b40 [0139.613] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x5172c0 | out: hHeap=0x430000) returned 1 [0139.613] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.613] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.614] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.614] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0139.615] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x310, lpOverlapped=0x0) returned 1 [0139.615] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0139.615] CloseHandle (hObject=0x2e4) returned 1 [0139.618] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x517b40 | out: hHeap=0x430000) returned 1 [0139.618] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0139.618] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.618] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.618] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.618] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.618] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.618] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.618] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.619] GetFileType (hFile=0x2e4) returned 0x1 [0139.619] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=976) returned 1 [0139.619] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=976) returned 1 [0139.619] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.619] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x3d0, lpOverlapped=0x0) returned 1 [0139.622] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93fe0, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93fe0*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.622] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3e0) returned 0x477cf0 [0139.622] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3e0) returned 0x15ba0a0 [0139.622] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x477cf0 | out: hHeap=0x430000) returned 1 [0139.623] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.623] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.624] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.624] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0139.624] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x4e0, lpOverlapped=0x0) returned 1 [0139.625] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0139.625] CloseHandle (hObject=0x2e4) returned 1 [0139.627] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15ba0a0 | out: hHeap=0x430000) returned 1 [0139.627] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.627] GetLastError () returned 0x12 [0139.627] GetLastError () returned 0x12 [0139.627] SetLastError (dwErrCode=0x12) [0139.627] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0139.627] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0139.627] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.627] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.628] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.628] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.628] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.628] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.628] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0139.628] GetLastError () returned 0x5 [0139.628] GetLastError () returned 0x5 [0139.628] SetLastError (dwErrCode=0x5) [0139.628] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe0f74d12, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe0f74d12, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Music", cAlternateFileName="")) returned 1 [0139.628] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.628] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.629] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.629] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.629] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0139.629] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0139.629] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0139.629] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.629] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.629] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.629] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.629] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.629] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.630] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe0f74d12, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe0f74d12, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.630] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.630] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.630] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.630] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.630] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.630] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.630] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1478aac0, ftCreationTime.dwHighDateTime=0x1d93174, ftLastAccessTime.dwLowDateTime=0x29a985d0, ftLastAccessTime.dwHighDateTime=0x1d93292, ftLastWriteTime.dwLowDateTime=0x29a985d0, ftLastWriteTime.dwHighDateTime=0x1d93292, nFileSizeHigh=0x0, nFileSizeLow=0x8cf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="2BZtrQsnPaWcF9k4Auc.m4a", cAlternateFileName="2BZTRQ~1.M4A")) returned 1 [0139.630] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.630] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.630] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.630] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.631] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.631] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.631] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\2BZtrQsnPaWcF9k4Auc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\2bztrqsnpawcf9k4auc.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.631] GetFileType (hFile=0x2e4) returned 0x1 [0139.631] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=36088) returned 1 [0139.631] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=36088) returned 1 [0139.632] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.632] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0139.632] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.633] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0139.635] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.635] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.636] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.637] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=36088) returned 1 [0139.637] WriteFile (in: hFile=0x2e4, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.638] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0139.638] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0139.639] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0139.639] CloseHandle (hObject=0x2e4) returned 1 [0139.642] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.642] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0139.642] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.642] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.642] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.642] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.642] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.642] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.643] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.643] GetFileType (hFile=0x2e4) returned 0x1 [0139.643] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=504) returned 1 [0139.643] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=504) returned 1 [0139.643] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.643] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x1f8, lpOverlapped=0x0) returned 1 [0139.645] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93e08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93e08*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0139.645] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4749a0 [0139.645] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4759a0 [0139.645] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4749a0 | out: hHeap=0x430000) returned 1 [0139.645] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.646] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.722] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0139.722] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0139.722] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x300, lpOverlapped=0x0) returned 1 [0139.723] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0139.723] CloseHandle (hObject=0x2e4) returned 1 [0139.726] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4759a0 | out: hHeap=0x430000) returned 1 [0139.726] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f80b9f0, ftCreationTime.dwHighDateTime=0x1d92d22, ftLastAccessTime.dwLowDateTime=0x1ef27420, ftLastAccessTime.dwHighDateTime=0x1d9319e, ftLastWriteTime.dwLowDateTime=0x1ef27420, ftLastWriteTime.dwHighDateTime=0x1d9319e, nFileSizeHigh=0x0, nFileSizeLow=0x167d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DmmjraBo.m4a", cAlternateFileName="")) returned 1 [0139.726] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.726] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.726] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.726] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.726] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.726] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.727] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\DmmjraBo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\dmmjrabo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.727] GetFileType (hFile=0x2e4) returned 0x1 [0139.727] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=92118) returned 1 [0139.727] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=92118) returned 1 [0139.728] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.728] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0139.728] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.728] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x526720 [0139.730] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.730] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.730] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.731] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=92118) returned 1 [0139.731] WriteFile (in: hFile=0x2e4, lpBuffer=0x526720*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x526720*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.732] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0139.732] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0139.733] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0139.733] CloseHandle (hObject=0x2e4) returned 1 [0139.741] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x526720 | out: hHeap=0x430000) returned 1 [0139.741] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7eaf20, ftCreationTime.dwHighDateTime=0x1d931b2, ftLastAccessTime.dwLowDateTime=0x84b16660, ftLastAccessTime.dwHighDateTime=0x1d93327, ftLastWriteTime.dwLowDateTime=0x84b16660, ftLastWriteTime.dwHighDateTime=0x1d93327, nFileSizeHigh=0x0, nFileSizeLow=0xc75b, dwReserved0=0x0, dwReserved1=0x0, cFileName="fuYxdst6SMV8PN.mp3", cAlternateFileName="FUYXDS~1.MP3")) returned 1 [0139.741] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.741] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.742] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.742] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\fuYxdst6SMV8PN.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fuyxdst6smv8pn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0139.743] GetFileType (hFile=0x2e4) returned 0x1 [0139.744] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=51035) returned 1 [0139.744] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=51035) returned 1 [0139.744] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.744] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0139.744] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.745] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.747] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.747] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0139.747] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.747] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=51035) returned 1 [0139.748] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0139.750] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0139.750] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0139.751] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0139.751] CloseHandle (hObject=0x2e4) returned 1 [0139.757] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.757] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60e23ce0, ftCreationTime.dwHighDateTime=0x1d92bfd, ftLastAccessTime.dwLowDateTime=0x202cbcd0, ftLastAccessTime.dwHighDateTime=0x1d932e6, ftLastWriteTime.dwLowDateTime=0x202cbcd0, ftLastWriteTime.dwHighDateTime=0x1d932e6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXGh0g6", cAlternateFileName="")) returned 1 [0139.757] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.757] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.757] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0139.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0139.757] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0139.758] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.758] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.758] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.758] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60e23ce0, ftCreationTime.dwHighDateTime=0x1d92bfd, ftLastAccessTime.dwLowDateTime=0x202cbcd0, ftLastAccessTime.dwHighDateTime=0x1d932e6, ftLastWriteTime.dwLowDateTime=0x202cbcd0, ftLastWriteTime.dwHighDateTime=0x1d932e6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.759] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.759] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.759] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.759] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5ad320, ftCreationTime.dwHighDateTime=0x1d93511, ftLastAccessTime.dwLowDateTime=0xdc0357a0, ftLastAccessTime.dwHighDateTime=0x1d9352c, ftLastWriteTime.dwLowDateTime=0xdc0357a0, ftLastWriteTime.dwHighDateTime=0x1d9352c, nFileSizeHigh=0x0, nFileSizeLow=0x37d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="-4kdm22YV4v.wav", cAlternateFileName="-4KDM2~1.WAV")) returned 1 [0139.759] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.759] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.759] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.760] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\-4kdm22YV4v.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\-4kdm22yv4v.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.760] GetFileType (hFile=0x1b8) returned 0x1 [0139.802] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=14294) returned 1 [0139.802] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=14294) returned 1 [0139.803] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.803] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x37d6, lpOverlapped=0x0) returned 1 [0139.804] ReadFile (in: hFile=0x1b8, lpBuffer=0xc96af6, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc96af6*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0139.804] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x37e0) returned 0x15b58c0 [0139.804] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x37e0) returned 0x4ba7e0 [0139.806] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.806] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.806] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.807] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0139.808] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x3000, lpOverlapped=0x0) returned 1 [0139.809] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0139.809] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93064*=0x8e0, lpOverlapped=0x0) returned 1 [0139.810] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0139.810] CloseHandle (hObject=0x1b8) returned 1 [0139.813] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.813] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7388da70, ftCreationTime.dwHighDateTime=0x1d928c4, ftLastAccessTime.dwLowDateTime=0x71885280, ftLastAccessTime.dwHighDateTime=0x1d92d85, ftLastWriteTime.dwLowDateTime=0x71885280, ftLastWriteTime.dwHighDateTime=0x1d92d85, nFileSizeHigh=0x0, nFileSizeLow=0x12c70, dwReserved0=0x0, dwReserved1=0x0, cFileName="8B8Hy6zF_MS.m4a", cAlternateFileName="8B8HY6~1.M4A")) returned 1 [0139.813] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.813] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.814] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.814] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.814] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.814] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.814] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\8B8Hy6zF_MS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\8b8hy6zf_ms.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.815] GetFileType (hFile=0x1b8) returned 0x1 [0139.815] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=76912) returned 1 [0139.815] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=76912) returned 1 [0139.815] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.815] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.816] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.816] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.817] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.817] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.818] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.818] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=76912) returned 1 [0139.818] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.819] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0139.819] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.820] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0139.820] CloseHandle (hObject=0x1b8) returned 1 [0139.826] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.826] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0fc1180, ftCreationTime.dwHighDateTime=0x1d92939, ftLastAccessTime.dwLowDateTime=0xa88f4ce0, ftLastAccessTime.dwHighDateTime=0x1d92d1f, ftLastWriteTime.dwLowDateTime=0xa88f4ce0, ftLastWriteTime.dwHighDateTime=0x1d92d1f, nFileSizeHigh=0x0, nFileSizeLow=0xd53c, dwReserved0=0x0, dwReserved1=0x0, cFileName="9vXU0CCZC77b8.m4a", cAlternateFileName="9VXU0C~1.M4A")) returned 1 [0139.826] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.826] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.826] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.826] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.826] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.826] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.826] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\9vXU0CCZC77b8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\9vxu0cczc77b8.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.827] GetFileType (hFile=0x1b8) returned 0x1 [0139.827] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=54588) returned 1 [0139.827] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=54588) returned 1 [0139.827] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.827] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.829] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.829] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.830] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.830] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.830] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.831] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=54588) returned 1 [0139.831] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.833] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0139.833] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.834] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0139.834] CloseHandle (hObject=0x1b8) returned 1 [0139.925] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.925] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83717db0, ftCreationTime.dwHighDateTime=0x1d93527, ftLastAccessTime.dwLowDateTime=0x9da5a6d0, ftLastAccessTime.dwHighDateTime=0x1d9355d, ftLastWriteTime.dwLowDateTime=0x9da5a6d0, ftLastWriteTime.dwHighDateTime=0x1d9355d, nFileSizeHigh=0x0, nFileSizeLow=0x8b43, dwReserved0=0x0, dwReserved1=0x0, cFileName="gfULfaB3zo.wav", cAlternateFileName="GFULFA~1.WAV")) returned 1 [0139.926] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.926] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.926] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.926] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.926] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.926] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.926] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\gfULfaB3zo.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\gfulfab3zo.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.926] GetFileType (hFile=0x1b8) returned 0x1 [0139.926] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=35651) returned 1 [0139.927] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=35651) returned 1 [0139.927] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.927] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.928] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.928] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.929] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.929] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.929] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.930] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=35651) returned 1 [0139.930] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.930] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0139.931] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.931] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0139.931] CloseHandle (hObject=0x1b8) returned 1 [0139.937] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.937] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cb883c0, ftCreationTime.dwHighDateTime=0x1d92cfd, ftLastAccessTime.dwLowDateTime=0xf7b2f1f0, ftLastAccessTime.dwHighDateTime=0x1d93409, ftLastWriteTime.dwLowDateTime=0xf7b2f1f0, ftLastWriteTime.dwHighDateTime=0x1d93409, nFileSizeHigh=0x0, nFileSizeLow=0xb64e, dwReserved0=0x0, dwReserved1=0x0, cFileName="gHqlr7ucmVxDpvt.m4a", cAlternateFileName="GHQLR7~1.M4A")) returned 1 [0139.937] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.937] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.937] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.937] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.937] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.937] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.938] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\gHqlr7ucmVxDpvt.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ghqlr7ucmvxdpvt.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.938] GetFileType (hFile=0x1b8) returned 0x1 [0139.938] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=46670) returned 1 [0139.938] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=46670) returned 1 [0139.939] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.939] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.939] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.939] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.940] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.941] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.941] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.941] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=46670) returned 1 [0139.941] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.942] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0139.942] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.943] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0139.943] CloseHandle (hObject=0x1b8) returned 1 [0139.949] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.949] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5c6600, ftCreationTime.dwHighDateTime=0x1d92db6, ftLastAccessTime.dwLowDateTime=0x7f3e58c0, ftLastAccessTime.dwHighDateTime=0x1d92fec, ftLastWriteTime.dwLowDateTime=0x7f3e58c0, ftLastWriteTime.dwHighDateTime=0x1d92fec, nFileSizeHigh=0x0, nFileSizeLow=0x11733, dwReserved0=0x0, dwReserved1=0x0, cFileName="iOvCnRfLTkM9.wav", cAlternateFileName="IOVCNR~1.WAV")) returned 1 [0139.949] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.949] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.949] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.949] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.950] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.950] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.950] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\iOvCnRfLTkM9.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\iovcnrfltkm9.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.950] GetFileType (hFile=0x1b8) returned 0x1 [0139.950] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=71475) returned 1 [0139.951] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=71475) returned 1 [0139.951] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.951] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.952] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.952] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.954] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.954] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.954] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.954] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=71475) returned 1 [0139.954] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.955] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0139.955] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.956] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0139.956] CloseHandle (hObject=0x1b8) returned 1 [0139.989] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0139.990] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26dbc330, ftCreationTime.dwHighDateTime=0x1d92b68, ftLastAccessTime.dwLowDateTime=0xaea42420, ftLastAccessTime.dwHighDateTime=0x1d92dba, ftLastWriteTime.dwLowDateTime=0xaea42420, ftLastWriteTime.dwHighDateTime=0x1d92dba, nFileSizeHigh=0x0, nFileSizeLow=0x10a72, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ip0_g9kKcj.wav", cAlternateFileName="IP0_G9~1.WAV")) returned 1 [0139.990] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.990] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.990] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.990] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.990] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0139.990] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0139.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\Ip0_g9kKcj.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ip0_g9kkcj.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0139.991] GetFileType (hFile=0x1b8) returned 0x1 [0139.991] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=68210) returned 1 [0139.991] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=68210) returned 1 [0139.991] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.991] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0139.992] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0139.992] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0139.993] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0139.993] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0139.993] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.993] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=68210) returned 1 [0139.993] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0139.994] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0139.994] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0139.995] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0139.996] CloseHandle (hObject=0x1b8) returned 1 [0140.000] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.000] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5258dc50, ftCreationTime.dwHighDateTime=0x1d926bd, ftLastAccessTime.dwLowDateTime=0x4ac93b20, ftLastAccessTime.dwHighDateTime=0x1d930c6, ftLastWriteTime.dwLowDateTime=0x4ac93b20, ftLastWriteTime.dwHighDateTime=0x1d930c6, nFileSizeHigh=0x0, nFileSizeLow=0x78f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iYt4Sr4pkbCs4T.m4a", cAlternateFileName="IYT4SR~1.M4A")) returned 1 [0140.000] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.000] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.000] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.000] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.000] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.000] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.000] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\iYt4Sr4pkbCs4T.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\iyt4sr4pkbcs4t.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.001] GetFileType (hFile=0x1b8) returned 0x1 [0140.001] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=30960) returned 1 [0140.001] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=30960) returned 1 [0140.001] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.001] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.001] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.002] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.002] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.003] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.003] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.003] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=30960) returned 1 [0140.003] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.004] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0140.004] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.005] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0140.005] CloseHandle (hObject=0x1b8) returned 1 [0140.009] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.009] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc55ed070, ftCreationTime.dwHighDateTime=0x1d9322e, ftLastAccessTime.dwLowDateTime=0x18ec6d0, ftLastAccessTime.dwHighDateTime=0x1d934a6, ftLastWriteTime.dwLowDateTime=0x18ec6d0, ftLastWriteTime.dwHighDateTime=0x1d934a6, nFileSizeHigh=0x0, nFileSizeLow=0x83ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="jysgM8eGrB.wav", cAlternateFileName="JYSGM8~1.WAV")) returned 1 [0140.009] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.009] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.009] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.009] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.009] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.009] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.009] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\jysgM8eGrB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\jysgm8egrb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.010] GetFileType (hFile=0x1b8) returned 0x1 [0140.010] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=33742) returned 1 [0140.010] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=33742) returned 1 [0140.010] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.010] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.012] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.012] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.014] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.014] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.014] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.014] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=33742) returned 1 [0140.015] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.016] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.016] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.016] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.016] CloseHandle (hObject=0x1b8) returned 1 [0140.021] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.021] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc546bbd0, ftCreationTime.dwHighDateTime=0x1d92c60, ftLastAccessTime.dwLowDateTime=0x27e18570, ftLastAccessTime.dwHighDateTime=0x1d933a2, ftLastWriteTime.dwLowDateTime=0x27e18570, ftLastWriteTime.dwHighDateTime=0x1d933a2, nFileSizeHigh=0x0, nFileSizeLow=0xf83a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lw9 ysK.mp3", cAlternateFileName="LW9YSK~1.MP3")) returned 1 [0140.021] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.021] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.021] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.021] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.021] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.021] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.021] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\Lw9 ysK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\lw9 ysk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.022] GetFileType (hFile=0x1b8) returned 0x1 [0140.022] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=63546) returned 1 [0140.022] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=63546) returned 1 [0140.022] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.022] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.023] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.023] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.024] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.024] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.024] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.024] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=63546) returned 1 [0140.024] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.025] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.025] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.026] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.053] CloseHandle (hObject=0x1b8) returned 1 [0140.069] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.069] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4f5cd0, ftCreationTime.dwHighDateTime=0x1d92c24, ftLastAccessTime.dwLowDateTime=0x6376b1f0, ftLastAccessTime.dwHighDateTime=0x1d930b4, ftLastWriteTime.dwLowDateTime=0x6376b1f0, ftLastWriteTime.dwHighDateTime=0x1d930b4, nFileSizeHigh=0x0, nFileSizeLow=0xb0d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="oZwW.m4a", cAlternateFileName="")) returned 1 [0140.069] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.069] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.070] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.070] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.070] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.070] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.070] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\oZwW.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ozww.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.071] GetFileType (hFile=0x1b8) returned 0x1 [0140.071] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=45267) returned 1 [0140.071] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=45267) returned 1 [0140.071] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.071] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.072] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.072] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.073] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.073] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.074] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.074] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=45267) returned 1 [0140.074] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.075] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.076] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.076] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.076] CloseHandle (hObject=0x1b8) returned 1 [0140.081] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.081] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c4b64d0, ftCreationTime.dwHighDateTime=0x1d934ff, ftLastAccessTime.dwLowDateTime=0x3942d850, ftLastAccessTime.dwHighDateTime=0x1d93578, ftLastWriteTime.dwLowDateTime=0x3942d850, ftLastWriteTime.dwHighDateTime=0x1d93578, nFileSizeHigh=0x0, nFileSizeLow=0x489b, dwReserved0=0x0, dwReserved1=0x0, cFileName="soxjKq_f52dufejcJQ.m4a", cAlternateFileName="SOXJKQ~1.M4A")) returned 1 [0140.081] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.081] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.081] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.081] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.081] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.081] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.082] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\soxjKq_f52dufejcJQ.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\soxjkq_f52dufejcjq.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.082] GetFileType (hFile=0x1b8) returned 0x1 [0140.082] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=18587) returned 1 [0140.082] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=18587) returned 1 [0140.083] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.083] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x489b, lpOverlapped=0x0) returned 1 [0140.083] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.083] ReadFile (in: hFile=0x1b8, lpBuffer=0x4d7270, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc93068, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesRead=0xc93068*=0x0, lpOverlapped=0x0) returned 1 [0140.083] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x48a0) returned 0x15b58c0 [0140.083] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x48a0) returned 0x4ba7e0 [0140.084] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.084] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.085] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.085] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0140.085] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x4000, lpOverlapped=0x0) returned 1 [0140.086] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x9a0, lpOverlapped=0x0) returned 1 [0140.087] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.087] CloseHandle (hObject=0x1b8) returned 1 [0140.095] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.095] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae9dcc20, ftCreationTime.dwHighDateTime=0x1d92cb5, ftLastAccessTime.dwLowDateTime=0x6fbe56d0, ftLastAccessTime.dwHighDateTime=0x1d934aa, ftLastWriteTime.dwLowDateTime=0x6fbe56d0, ftLastWriteTime.dwHighDateTime=0x1d934aa, nFileSizeHigh=0x0, nFileSizeLow=0xd152, dwReserved0=0x0, dwReserved1=0x0, cFileName="uFwI7-queadFi7ry6ZM5.mp3", cAlternateFileName="UFWI7-~1.MP3")) returned 1 [0140.095] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.095] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.095] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.095] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.095] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.095] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.096] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\uFwI7-queadFi7ry6ZM5.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ufwi7-queadfi7ry6zm5.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.096] GetFileType (hFile=0x1b8) returned 0x1 [0140.096] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=53586) returned 1 [0140.096] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=53586) returned 1 [0140.096] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.096] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.097] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.097] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.098] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.098] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.098] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.098] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=53586) returned 1 [0140.098] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.099] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0140.099] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.100] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0140.100] CloseHandle (hObject=0x1b8) returned 1 [0140.105] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.106] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d2d050, ftCreationTime.dwHighDateTime=0x1d92d80, ftLastAccessTime.dwLowDateTime=0x95a66940, ftLastAccessTime.dwHighDateTime=0x1d93294, ftLastWriteTime.dwLowDateTime=0x95a66940, ftLastWriteTime.dwHighDateTime=0x1d93294, nFileSizeHigh=0x0, nFileSizeLow=0x5014, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2Dwesg8HDjvdewQgNXC.m4a", cAlternateFileName="V2DWES~1.M4A")) returned 1 [0140.106] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.106] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.106] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.106] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.106] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.106] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.106] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\v2Dwesg8HDjvdewQgNXC.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\v2dwesg8hdjvdewqgnxc.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.107] GetFileType (hFile=0x1b8) returned 0x1 [0140.107] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20500) returned 1 [0140.107] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=20500) returned 1 [0140.107] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.107] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.107] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.107] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.109] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.109] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.109] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.109] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20500) returned 1 [0140.109] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.110] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.110] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.111] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.111] CloseHandle (hObject=0x1b8) returned 1 [0140.114] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.114] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fba2de0, ftCreationTime.dwHighDateTime=0x1d928e6, ftLastAccessTime.dwLowDateTime=0xc5e8fad0, ftLastAccessTime.dwHighDateTime=0x1d92ec7, ftLastWriteTime.dwLowDateTime=0xc5e8fad0, ftLastWriteTime.dwHighDateTime=0x1d92ec7, nFileSizeHigh=0x0, nFileSizeLow=0x14e08, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xk6OsGw80BZF.wav", cAlternateFileName="XK6OSG~1.WAV")) returned 1 [0140.114] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.114] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.114] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.114] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.114] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.114] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\Xk6OsGw80BZF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\xk6osgw80bzf.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.115] GetFileType (hFile=0x1b8) returned 0x1 [0140.115] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=85512) returned 1 [0140.115] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=85512) returned 1 [0140.115] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.116] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.117] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.117] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.118] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.118] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.118] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.119] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=85512) returned 1 [0140.119] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.123] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.123] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.124] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.124] CloseHandle (hObject=0x1b8) returned 1 [0140.129] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.129] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70f4870, ftCreationTime.dwHighDateTime=0x1d92f0e, ftLastAccessTime.dwLowDateTime=0xd89b59b0, ftLastAccessTime.dwHighDateTime=0x1d93409, ftLastWriteTime.dwLowDateTime=0xd89b59b0, ftLastWriteTime.dwHighDateTime=0x1d93409, nFileSizeHigh=0x0, nFileSizeLow=0xb64, dwReserved0=0x0, dwReserved1=0x0, cFileName="xqUMfGAY.wav", cAlternateFileName="")) returned 1 [0140.129] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.129] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.129] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.129] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.130] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.130] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.130] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\xqUMfGAY.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\xqumfgay.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.130] GetFileType (hFile=0x1b8) returned 0x1 [0140.130] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=2916) returned 1 [0140.130] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=2916) returned 1 [0140.131] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.131] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0xb64, lpOverlapped=0x0) returned 1 [0140.131] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93e84, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93e84*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0140.131] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb70) returned 0x453740 [0140.131] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xb70) returned 0x462ff0 [0140.132] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453740 | out: hHeap=0x430000) returned 1 [0140.132] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.132] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.134] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0140.134] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.134] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0xc70, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93064*=0xc70, lpOverlapped=0x0) returned 1 [0140.135] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.135] CloseHandle (hObject=0x1b8) returned 1 [0140.176] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0140.176] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaa4dfe0, ftCreationTime.dwHighDateTime=0x1d9285e, ftLastAccessTime.dwLowDateTime=0x3526f630, ftLastAccessTime.dwHighDateTime=0x1d92e1f, ftLastWriteTime.dwLowDateTime=0x3526f630, ftLastWriteTime.dwHighDateTime=0x1d92e1f, nFileSizeHigh=0x0, nFileSizeLow=0x22c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="_g9Eb.mp3", cAlternateFileName="")) returned 1 [0140.176] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.176] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.176] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.176] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.176] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.176] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.176] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\_g9Eb.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\_g9eb.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.177] GetFileType (hFile=0x1b8) returned 0x1 [0140.177] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=8897) returned 1 [0140.177] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=8897) returned 1 [0140.177] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.177] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x22c1, lpOverlapped=0x0) returned 1 [0140.178] ReadFile (in: hFile=0x1b8, lpBuffer=0xc955e1, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc955e1*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0140.178] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x22d0) returned 0x15b58c0 [0140.178] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x22d0) returned 0x15b7ba0 [0140.179] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.179] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.179] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.180] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0140.180] WriteFile (in: hFile=0x1b8, lpBuffer=0x15b7ba0*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15b7ba0*, lpNumberOfBytesWritten=0xc92fd4*=0x2000, lpOverlapped=0x0) returned 1 [0140.180] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0140.181] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93064*=0x3d0, lpOverlapped=0x0) returned 1 [0140.181] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0140.181] CloseHandle (hObject=0x1b8) returned 1 [0140.277] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b7ba0 | out: hHeap=0x430000) returned 1 [0140.277] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.277] GetLastError () returned 0x12 [0140.278] GetLastError () returned 0x12 [0140.278] SetLastError (dwErrCode=0x12) [0140.278] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0140.278] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e7abd60, ftCreationTime.dwHighDateTime=0x1d934d7, ftLastAccessTime.dwLowDateTime=0xbe2551d0, ftLastAccessTime.dwHighDateTime=0x1d93521, ftLastWriteTime.dwLowDateTime=0xbe2551d0, ftLastWriteTime.dwHighDateTime=0x1d93521, nFileSizeHigh=0x0, nFileSizeLow=0x7407, dwReserved0=0x0, dwReserved1=0x0, cFileName="H0Bu7WE L.mp3", cAlternateFileName="H0BU7W~1.MP3")) returned 1 [0140.278] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.278] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.278] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.278] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.278] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.278] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.279] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\H0Bu7WE L.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\h0bu7we l.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.279] GetFileType (hFile=0x2e4) returned 0x1 [0140.279] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=29703) returned 1 [0140.279] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=29703) returned 1 [0140.279] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.279] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.280] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.280] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.281] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.281] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.281] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.282] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=29703) returned 1 [0140.282] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.283] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.283] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.284] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.284] CloseHandle (hObject=0x2e4) returned 1 [0140.288] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.288] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c4264f0, ftCreationTime.dwHighDateTime=0x1d93544, ftLastAccessTime.dwLowDateTime=0x6bcbe8e0, ftLastAccessTime.dwHighDateTime=0x1d93558, ftLastWriteTime.dwLowDateTime=0x6bcbe8e0, ftLastWriteTime.dwHighDateTime=0x1d93558, nFileSizeHigh=0x0, nFileSizeLow=0x20c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LoNNdvzwPSF50eP.wav", cAlternateFileName="LONNDV~1.WAV")) returned 1 [0140.288] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.288] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.288] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.288] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.288] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.288] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.289] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LoNNdvzwPSF50eP.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lonndvzwpsf50ep.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.289] GetFileType (hFile=0x2e4) returned 0x1 [0140.289] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=8387) returned 1 [0140.289] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=8387) returned 1 [0140.289] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.289] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x20c3, lpOverlapped=0x0) returned 1 [0140.290] ReadFile (in: hFile=0x2e4, lpBuffer=0xc95cd3, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc95cd3*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0140.290] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20d0) returned 0x15b58c0 [0140.290] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20d0) returned 0x15b79a0 [0140.291] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.291] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.291] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.293] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0140.293] WriteFile (in: hFile=0x2e4, lpBuffer=0x15b79a0*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15b79a0*, lpNumberOfBytesWritten=0xc938c4*=0x2000, lpOverlapped=0x0) returned 1 [0140.293] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.294] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x1d0, lpOverlapped=0x0) returned 1 [0140.295] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.295] CloseHandle (hObject=0x2e4) returned 1 [0140.301] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b79a0 | out: hHeap=0x430000) returned 1 [0140.301] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87db38a0, ftCreationTime.dwHighDateTime=0x1d92be0, ftLastAccessTime.dwLowDateTime=0xaffde4f0, ftLastAccessTime.dwHighDateTime=0x1d92e00, ftLastWriteTime.dwLowDateTime=0xaffde4f0, ftLastWriteTime.dwHighDateTime=0x1d92e00, nFileSizeHigh=0x0, nFileSizeLow=0x11c29, dwReserved0=0x0, dwReserved1=0x0, cFileName="M3D2dAGIAkc0.wav", cAlternateFileName="M3D2DA~1.WAV")) returned 1 [0140.301] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.301] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.301] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.301] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.301] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.301] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.302] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\M3D2dAGIAkc0.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\m3d2dagiakc0.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.302] GetFileType (hFile=0x2e4) returned 0x1 [0140.302] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=72745) returned 1 [0140.302] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=72745) returned 1 [0140.302] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.303] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.303] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.303] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.304] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.305] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.305] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.305] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=72745) returned 1 [0140.305] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.306] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0140.306] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.307] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0140.310] CloseHandle (hObject=0x2e4) returned 1 [0140.317] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.317] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bc8e000, ftCreationTime.dwHighDateTime=0x1d92dae, ftLastAccessTime.dwLowDateTime=0x21cba6d0, ftLastAccessTime.dwHighDateTime=0x1d931d5, ftLastWriteTime.dwLowDateTime=0x21cba6d0, ftLastWriteTime.dwHighDateTime=0x1d931d5, nFileSizeHigh=0x0, nFileSizeLow=0x9a52, dwReserved0=0x0, dwReserved1=0x0, cFileName="R4zOe8GwtZ1.wav", cAlternateFileName="R4ZOE8~1.WAV")) returned 1 [0140.317] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.317] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.317] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.317] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.318] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.318] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.318] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R4zOe8GwtZ1.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r4zoe8gwtz1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.318] GetFileType (hFile=0x2e4) returned 0x1 [0140.318] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=39506) returned 1 [0140.319] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=39506) returned 1 [0140.319] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.319] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.319] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.319] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.321] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.321] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.321] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.321] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=39506) returned 1 [0140.321] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.322] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0140.323] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.324] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0140.324] CloseHandle (hObject=0x2e4) returned 1 [0140.328] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.328] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ccfed20, ftCreationTime.dwHighDateTime=0x1d92c1d, ftLastAccessTime.dwLowDateTime=0x6a9c1040, ftLastAccessTime.dwHighDateTime=0x1d930ca, ftLastWriteTime.dwLowDateTime=0x6a9c1040, ftLastWriteTime.dwHighDateTime=0x1d930ca, nFileSizeHigh=0x0, nFileSizeLow=0x15979, dwReserved0=0x0, dwReserved1=0x0, cFileName="rPff8m_vb3qiWXJ Wg0b.m4a", cAlternateFileName="RPFF8M~1.M4A")) returned 1 [0140.328] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.328] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.328] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.328] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.329] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.329] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.329] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rPff8m_vb3qiWXJ Wg0b.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\rpff8m_vb3qiwxj wg0b.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.329] GetFileType (hFile=0x2e4) returned 0x1 [0140.329] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=88441) returned 1 [0140.329] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=88441) returned 1 [0140.329] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.330] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.330] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.330] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.331] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.331] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.331] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.332] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=88441) returned 1 [0140.332] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.333] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0140.333] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.333] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0140.334] CloseHandle (hObject=0x2e4) returned 1 [0140.338] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.338] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42895950, ftCreationTime.dwHighDateTime=0x1d931a6, ftLastAccessTime.dwLowDateTime=0x57e52e80, ftLastAccessTime.dwHighDateTime=0x1d93491, ftLastWriteTime.dwLowDateTime=0x57e52e80, ftLastWriteTime.dwHighDateTime=0x1d93491, nFileSizeHigh=0x0, nFileSizeLow=0xa8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="u7iCll5l.m4a", cAlternateFileName="")) returned 1 [0140.338] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.338] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.338] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.338] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.340] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.340] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.340] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\u7iCll5l.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\u7icll5l.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.340] GetFileType (hFile=0x2e4) returned 0x1 [0140.340] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=2703) returned 1 [0140.341] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=2703) returned 1 [0140.341] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.341] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0xa8f, lpOverlapped=0x0) returned 1 [0140.341] ReadFile (in: hFile=0x2e4, lpBuffer=0xc9469f, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc9469f*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0140.341] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa90) returned 0x453740 [0140.341] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xa90) returned 0x462ff0 [0140.342] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453740 | out: hHeap=0x430000) returned 1 [0140.342] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.342] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.343] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0140.343] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0140.343] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0xb90, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0xb90, lpOverlapped=0x0) returned 1 [0140.344] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0140.344] CloseHandle (hObject=0x2e4) returned 1 [0140.346] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0140.346] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc295770, ftCreationTime.dwHighDateTime=0x1d92d7d, ftLastAccessTime.dwLowDateTime=0x6f1c370, ftLastAccessTime.dwHighDateTime=0x1d933f2, ftLastWriteTime.dwLowDateTime=0x6f1c370, ftLastWriteTime.dwHighDateTime=0x1d933f2, nFileSizeHigh=0x0, nFileSizeLow=0x14058, dwReserved0=0x0, dwReserved1=0x0, cFileName="xA6JGYQ_yeIF.wav", cAlternateFileName="XA6JGY~1.WAV")) returned 1 [0140.346] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.346] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.346] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.346] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.347] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.347] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.347] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\xA6JGYQ_yeIF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\xa6jgyq_yeif.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.347] GetFileType (hFile=0x2e4) returned 0x1 [0140.347] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=82008) returned 1 [0140.347] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=82008) returned 1 [0140.347] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.348] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.348] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.348] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.349] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.349] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.349] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.350] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=82008) returned 1 [0140.350] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.351] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.351] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.351] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.351] CloseHandle (hObject=0x2e4) returned 1 [0140.358] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.358] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x120c90e0, ftCreationTime.dwHighDateTime=0x1d92d4f, ftLastAccessTime.dwLowDateTime=0x62abfd10, ftLastAccessTime.dwHighDateTime=0x1d93263, ftLastWriteTime.dwLowDateTime=0x62abfd10, ftLastWriteTime.dwHighDateTime=0x1d93263, nFileSizeHigh=0x0, nFileSizeLow=0x11252, dwReserved0=0x0, dwReserved1=0x0, cFileName="XaYVlV-JmayNd53_Mt.wav", cAlternateFileName="XAYVLV~1.WAV")) returned 1 [0140.358] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.358] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.359] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.359] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.359] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.359] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\XaYVlV-JmayNd53_Mt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\xayvlv-jmaynd53_mt.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.359] GetFileType (hFile=0x2e4) returned 0x1 [0140.359] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=70226) returned 1 [0140.360] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=70226) returned 1 [0140.360] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.360] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.360] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.360] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.362] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.362] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.362] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.362] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=70226) returned 1 [0140.362] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.363] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.364] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.364] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.364] CloseHandle (hObject=0x2e4) returned 1 [0140.374] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.374] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a440900, ftCreationTime.dwHighDateTime=0x1d928d8, ftLastAccessTime.dwLowDateTime=0xac775f80, ftLastAccessTime.dwHighDateTime=0x1d92f6f, ftLastWriteTime.dwLowDateTime=0xac775f80, ftLastWriteTime.dwHighDateTime=0x1d92f6f, nFileSizeHigh=0x0, nFileSizeLow=0xf308, dwReserved0=0x0, dwReserved1=0x0, cFileName="xD9qeXinUK4Z9qI4.mp3", cAlternateFileName="XD9QEX~1.MP3")) returned 1 [0140.374] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.374] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.374] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.375] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\xD9qeXinUK4Z9qI4.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\xd9qexinuk4z9qi4.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.375] GetFileType (hFile=0x2e4) returned 0x1 [0140.375] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=62216) returned 1 [0140.375] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=62216) returned 1 [0140.376] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.376] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.376] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.376] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.378] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.378] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.378] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.378] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=62216) returned 1 [0140.379] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.421] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.421] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.422] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.422] CloseHandle (hObject=0x2e4) returned 1 [0140.427] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.427] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.427] GetLastError () returned 0x12 [0140.427] GetLastError () returned 0x12 [0140.428] SetLastError (dwErrCode=0x12) [0140.428] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0140.428] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0140.428] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.428] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.428] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.428] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.428] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.428] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.428] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0140.429] GetLastError () returned 0x5 [0140.429] GetLastError () returned 0x5 [0140.429] SetLastError (dwErrCode=0x5) [0140.429] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="NetHood", cAlternateFileName="")) returned 1 [0140.429] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.429] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.429] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.429] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.429] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.429] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.429] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NetHood\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\nethood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0140.430] GetLastError () returned 0x5 [0140.430] GetLastError () returned 0x5 [0140.430] SetLastError (dwErrCode=0x5) [0140.430] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3ce3dbd0, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4b110efe, ftLastAccessTime.dwHighDateTime=0x1d93628, ftLastWriteTime.dwLowDateTime=0x4b110efe, ftLastWriteTime.dwHighDateTime=0x1d93628, nFileSizeHigh=0x0, nFileSizeLow=0x140000, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0140.430] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.430] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.430] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.430] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.430] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.430] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.430] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x117000, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0140.430] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.431] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.431] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.431] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.431] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.431] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.431] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.dat.LOG1" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc941b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.431] GetLastError () returned 0x20 [0140.432] GetLastError () returned 0x20 [0140.432] SetLastError (dwErrCode=0x20) [0140.432] GetLastError () returned 0x20 [0140.432] SetLastError (dwErrCode=0x20) [0140.432] GetLastError () returned 0x20 [0140.432] SetLastError (dwErrCode=0x20) [0140.432] GetLastError () returned 0x20 [0140.432] SetLastError (dwErrCode=0x20) [0140.432] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x14000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0140.435] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.435] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.435] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.435] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.435] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.435] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.436] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.dat.LOG2" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc941b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.436] GetLastError () returned 0x20 [0140.436] GetLastError () returned 0x20 [0140.436] SetLastError (dwErrCode=0x20) [0140.436] GetLastError () returned 0x20 [0140.436] SetLastError (dwErrCode=0x20) [0140.436] GetLastError () returned 0x20 [0140.436] SetLastError (dwErrCode=0x20) [0140.437] GetLastError () returned 0x20 [0140.437] SetLastError (dwErrCode=0x20) [0140.437] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x63434853, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0140.437] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.437] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.437] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.437] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.437] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.437] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.437] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0140.437] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.437] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.437] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.437] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.437] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.438] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.438] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0140.438] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.438] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.438] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.438] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.438] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.438] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.438] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0140.438] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.438] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.438] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.438] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.439] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.439] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.439] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc941b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x218 [0140.439] GetFileType (hFile=0x218) returned 0x1 [0140.440] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xc94348, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc94348*=20) returned 1 [0140.440] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xc942f8, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc942f8*=20) returned 1 [0140.440] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xc94348, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc94348*=0) returned 1 [0140.440] ReadFile (in: hFile=0x218, lpBuffer=0xc94500, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc942b8, lpOverlapped=0x0 | out: lpBuffer=0xc94500*, lpNumberOfBytesRead=0xc942b8*=0x14, lpOverlapped=0x0) returned 1 [0140.443] ReadFile (in: hFile=0x218, lpBuffer=0xc94514, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc942b8, lpOverlapped=0x0 | out: lpBuffer=0xc94514*, lpNumberOfBytesRead=0xc942b8*=0x0, lpOverlapped=0x0) returned 1 [0140.443] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20) returned 0x15b4900 [0140.443] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20) returned 0x15b4f30 [0140.444] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b4900 | out: hHeap=0x430000) returned 1 [0140.444] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xc94348, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc94348*=0) returned 1 [0140.444] WriteFile (in: hFile=0x218, lpBuffer=0xc99500*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc941b4, lpOverlapped=0x0 | out: lpBuffer=0xc99500*, lpNumberOfBytesWritten=0xc941b4*=0x5000, lpOverlapped=0x0) returned 1 [0140.446] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xc94348, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc94348*=20480) returned 1 [0140.446] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x484c40 [0140.446] WriteFile (in: hFile=0x218, lpBuffer=0x484c40*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc94244, lpOverlapped=0x0 | out: lpBuffer=0x484c40*, lpNumberOfBytesWritten=0xc94244*=0x120, lpOverlapped=0x0) returned 1 [0140.447] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x484c40 | out: hHeap=0x430000) returned 1 [0140.447] CloseHandle (hObject=0x218) returned 1 [0140.450] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b4f30 | out: hHeap=0x430000) returned 1 [0140.450] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0140.450] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.450] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.450] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.450] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.450] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.450] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.450] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0140.451] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.451] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.451] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.451] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.451] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.451] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.451] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.451] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.451] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.451] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.451] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.452] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.452] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0140.452] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.452] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.452] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.452] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.453] GetFileType (hFile=0x2e4) returned 0x1 [0140.453] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=103) returned 1 [0140.453] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=103) returned 1 [0140.453] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.453] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x67, lpOverlapped=0x0) returned 1 [0140.454] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c77, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c77*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0140.455] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x70) returned 0x4623e0 [0140.455] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x70) returned 0x462160 [0140.455] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4623e0 | out: hHeap=0x430000) returned 1 [0140.455] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.455] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.469] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0140.469] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0140.469] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x170, lpOverlapped=0x0) returned 1 [0140.470] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0140.470] CloseHandle (hObject=0x2e4) returned 1 [0140.513] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462160 | out: hHeap=0x430000) returned 1 [0140.513] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.513] GetLastError () returned 0x12 [0140.513] GetLastError () returned 0x12 [0140.513] SetLastError (dwErrCode=0x12) [0140.513] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0140.513] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe19e32ec, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe19e32ec, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0140.513] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.513] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.513] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.513] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.514] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0140.514] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0140.514] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0140.514] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.514] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.514] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.514] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.514] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.515] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.515] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe19e32ec, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe19e32ec, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.515] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.515] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.515] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.515] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.515] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.515] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.515] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0140.515] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.515] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.515] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.515] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.516] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.516] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.516] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0140.517] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.517] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.517] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.517] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.517] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.517] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.518] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0140.518] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.518] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.518] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.518] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.518] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.518] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.518] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0140.518] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.518] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.518] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.518] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.519] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.519] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.519] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.519] GetFileType (hFile=0x1b8) returned 0x1 [0140.520] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=190) returned 1 [0140.520] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=190) returned 1 [0140.520] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.520] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0xbe, lpOverlapped=0x0) returned 1 [0140.522] ReadFile (in: hFile=0x1b8, lpBuffer=0xc933de, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc933de*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0140.522] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xc0) returned 0x453c70 [0140.522] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xc0) returned 0x453e10 [0140.522] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453c70 | out: hHeap=0x430000) returned 1 [0140.522] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.523] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.525] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0140.525] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.525] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93064*=0x1c0, lpOverlapped=0x0) returned 1 [0140.526] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.529] CloseHandle (hObject=0x1b8) returned 1 [0140.531] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453e10 | out: hHeap=0x430000) returned 1 [0140.531] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.532] GetLastError () returned 0x12 [0140.532] GetLastError () returned 0x12 [0140.532] SetLastError (dwErrCode=0x12) [0140.532] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0140.532] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0140.532] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.532] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.532] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.532] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.532] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.532] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.533] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.533] GetFileType (hFile=0x2e4) returned 0x1 [0140.533] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=504) returned 1 [0140.533] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=504) returned 1 [0140.534] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.534] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x1f8, lpOverlapped=0x0) returned 1 [0140.535] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93e08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93e08*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0140.535] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4759a0 [0140.535] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4749a0 [0140.535] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4759a0 | out: hHeap=0x430000) returned 1 [0140.536] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.536] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.537] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0140.537] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0140.538] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x300, lpOverlapped=0x0) returned 1 [0140.538] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0140.538] CloseHandle (hObject=0x2e4) returned 1 [0140.541] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4749a0 | out: hHeap=0x430000) returned 1 [0140.541] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x871729c0, ftCreationTime.dwHighDateTime=0x1d9328d, ftLastAccessTime.dwLowDateTime=0x83088c60, ftLastAccessTime.dwHighDateTime=0x1d933ab, ftLastWriteTime.dwLowDateTime=0x83088c60, ftLastWriteTime.dwHighDateTime=0x1d933ab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EhhsBihcckCr8IG", cAlternateFileName="EHHSBI~1")) returned 1 [0140.541] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.541] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.541] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.541] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.541] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.541] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.541] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0140.542] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.542] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.542] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.542] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x871729c0, ftCreationTime.dwHighDateTime=0x1d9328d, ftLastAccessTime.dwLowDateTime=0x83088c60, ftLastAccessTime.dwHighDateTime=0x1d933ab, ftLastWriteTime.dwLowDateTime=0x83088c60, ftLastWriteTime.dwHighDateTime=0x1d933ab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.542] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.542] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.542] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.543] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaacac7f0, ftCreationTime.dwHighDateTime=0x1d93404, ftLastAccessTime.dwLowDateTime=0xc3b6380, ftLastAccessTime.dwHighDateTime=0x1d935e2, ftLastWriteTime.dwLowDateTime=0xc3b6380, ftLastWriteTime.dwHighDateTime=0x1d935e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lxjKufO2Ryx0y", cAlternateFileName="LXJKUF~1")) returned 1 [0140.543] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.543] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.543] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.543] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.543] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.543] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.543] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x43ff30 [0140.543] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.543] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.543] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.544] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.544] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaacac7f0, ftCreationTime.dwHighDateTime=0x1d93404, ftLastAccessTime.dwLowDateTime=0xc3b6380, ftLastAccessTime.dwHighDateTime=0x1d935e2, ftLastWriteTime.dwLowDateTime=0xc3b6380, ftLastWriteTime.dwHighDateTime=0x1d935e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0140.544] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.544] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.544] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.544] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c44f820, ftCreationTime.dwHighDateTime=0x1d92945, ftLastAccessTime.dwLowDateTime=0xd4d3d110, ftLastAccessTime.dwHighDateTime=0x1d9303d, ftLastWriteTime.dwLowDateTime=0xd4d3d110, ftLastWriteTime.dwHighDateTime=0x1d9303d, nFileSizeHigh=0x0, nFileSizeLow=0x13f4f, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="2WIk7PUQNXx_TmSy5Kz7.bmp", cAlternateFileName="2WIK7P~1.BMP")) returned 1 [0140.544] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.544] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.545] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.545] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.545] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\2WIk7PUQNXx_TmSy5Kz7.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\2wik7puqnxx_tmsy5kz7.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.545] GetFileType (hFile=0x31c) returned 0x1 [0140.545] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=81743) returned 1 [0140.545] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=81743) returned 1 [0140.546] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.546] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.546] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.546] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.547] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.548] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.548] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.548] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=81743) returned 1 [0140.548] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.549] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0140.549] WriteFile (in: hFile=0x31c, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.550] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0140.550] CloseHandle (hObject=0x31c) returned 1 [0140.556] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.556] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde857d30, ftCreationTime.dwHighDateTime=0x1d9265b, ftLastAccessTime.dwLowDateTime=0x54091a10, ftLastAccessTime.dwHighDateTime=0x1d92d70, ftLastWriteTime.dwLowDateTime=0x54091a10, ftLastWriteTime.dwHighDateTime=0x1d92d70, nFileSizeHigh=0x0, nFileSizeLow=0x13dd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eupj8q.png", cAlternateFileName="")) returned 1 [0140.556] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.556] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.556] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.556] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.556] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.556] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.557] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\Eupj8q.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\eupj8q.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.557] GetFileType (hFile=0x31c) returned 0x1 [0140.569] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=81361) returned 1 [0140.569] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=81361) returned 1 [0140.569] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.569] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.570] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.570] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.571] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.571] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.572] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.572] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=81361) returned 1 [0140.572] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.573] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.574] WriteFile (in: hFile=0x31c, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.574] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.574] CloseHandle (hObject=0x31c) returned 1 [0140.582] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.582] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x529cc6e0, ftCreationTime.dwHighDateTime=0x1d935d6, ftLastAccessTime.dwLowDateTime=0xb9c41ce0, ftLastAccessTime.dwHighDateTime=0x1d93619, ftLastWriteTime.dwLowDateTime=0xb9c41ce0, ftLastWriteTime.dwHighDateTime=0x1d93619, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JGs8", cAlternateFileName="")) returned 1 [0140.582] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.582] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.582] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.582] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.582] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.582] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.582] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9bf20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9bf20) returned 0x440110 [0140.583] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.583] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.583] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.583] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.583] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.583] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.583] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x529cc6e0, ftCreationTime.dwHighDateTime=0x1d935d6, ftLastAccessTime.dwLowDateTime=0xb9c41ce0, ftLastAccessTime.dwHighDateTime=0x1d93619, ftLastWriteTime.dwLowDateTime=0xb9c41ce0, ftLastWriteTime.dwHighDateTime=0x1d93619, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.583] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.583] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.583] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.583] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.583] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.583] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.583] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10184430, ftCreationTime.dwHighDateTime=0x1d929dc, ftLastAccessTime.dwLowDateTime=0xd6dd93e0, ftLastAccessTime.dwHighDateTime=0x1d93558, ftLastWriteTime.dwLowDateTime=0xd6dd93e0, ftLastWriteTime.dwHighDateTime=0x1d93558, nFileSizeHigh=0x0, nFileSizeLow=0x10289, dwReserved0=0x0, dwReserved1=0x0, cFileName="1_uI7.png", cAlternateFileName="")) returned 1 [0140.584] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.584] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.584] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.584] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.584] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.584] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.584] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\1_uI7.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\1_ui7.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc91df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0140.584] GetFileType (hFile=0x320) returned 0x1 [0140.585] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=66185) returned 1 [0140.585] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc91f38*=66185) returned 1 [0140.585] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.585] ReadFile (in: hFile=0x320, lpBuffer=0xc92140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc92140*, lpNumberOfBytesRead=0xc91ef8*=0x5000, lpOverlapped=0x0) returned 1 [0140.585] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.585] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.587] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.587] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.587] WriteFile (in: hFile=0x320, lpBuffer=0xc97140*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0xc97140*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.587] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=66185) returned 1 [0140.587] WriteFile (in: hFile=0x320, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.588] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0140.590] WriteFile (in: hFile=0x320, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc91e84, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc91e84*=0x110, lpOverlapped=0x0) returned 1 [0140.590] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0140.590] CloseHandle (hObject=0x320) returned 1 [0140.595] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.595] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a3b8640, ftCreationTime.dwHighDateTime=0x1d92c48, ftLastAccessTime.dwLowDateTime=0x1635d50, ftLastAccessTime.dwHighDateTime=0x1d934e3, ftLastWriteTime.dwLowDateTime=0x1635d50, ftLastWriteTime.dwHighDateTime=0x1d934e3, nFileSizeHigh=0x0, nFileSizeLow=0x33f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="7UDTxkOjDUVVzv7hqCX.jpg", cAlternateFileName="7UDTXK~1.JPG")) returned 1 [0140.595] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.595] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.595] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.595] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.595] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.595] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.595] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\7UDTxkOjDUVVzv7hqCX.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\7udtxkojduvvzv7hqcx.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc91df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0140.596] GetFileType (hFile=0x320) returned 0x1 [0140.596] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=13303) returned 1 [0140.596] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc91f38*=13303) returned 1 [0140.596] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.596] ReadFile (in: hFile=0x320, lpBuffer=0xc92140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc92140*, lpNumberOfBytesRead=0xc91ef8*=0x33f7, lpOverlapped=0x0) returned 1 [0140.596] ReadFile (in: hFile=0x320, lpBuffer=0xc95537, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc95537*, lpNumberOfBytesRead=0xc91ef8*=0x0, lpOverlapped=0x0) returned 1 [0140.597] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3400) returned 0x15b58c0 [0140.597] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3400) returned 0x4ba7e0 [0140.598] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.598] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.598] WriteFile (in: hFile=0x320, lpBuffer=0xc97140*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0xc97140*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.598] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=20480) returned 1 [0140.599] WriteFile (in: hFile=0x320, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc91df4*=0x3000, lpOverlapped=0x0) returned 1 [0140.599] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.599] WriteFile (in: hFile=0x320, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xc91e84, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc91e84*=0x500, lpOverlapped=0x0) returned 1 [0140.600] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.600] CloseHandle (hObject=0x320) returned 1 [0140.606] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.606] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa830120, ftCreationTime.dwHighDateTime=0x1d92c4a, ftLastAccessTime.dwLowDateTime=0x1dba6ec0, ftLastAccessTime.dwHighDateTime=0x1d9335e, ftLastWriteTime.dwLowDateTime=0x1dba6ec0, ftLastWriteTime.dwHighDateTime=0x1d9335e, nFileSizeHigh=0x0, nFileSizeLow=0x17918, dwReserved0=0x0, dwReserved1=0x0, cFileName="M3 f2oSr-.jpg", cAlternateFileName="M3F2OS~1.JPG")) returned 1 [0140.606] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.606] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.606] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.606] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.606] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.606] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.607] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\M3 f2oSr-.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\m3 f2osr-.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc91df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0140.607] GetFileType (hFile=0x320) returned 0x1 [0140.607] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=96536) returned 1 [0140.607] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc91f38*=96536) returned 1 [0140.607] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.607] ReadFile (in: hFile=0x320, lpBuffer=0xc92140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc92140*, lpNumberOfBytesRead=0xc91ef8*=0x5000, lpOverlapped=0x0) returned 1 [0140.608] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.608] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.609] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.609] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.609] WriteFile (in: hFile=0x320, lpBuffer=0xc97140*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0xc97140*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.609] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=96536) returned 1 [0140.609] WriteFile (in: hFile=0x320, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.610] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0140.610] WriteFile (in: hFile=0x320, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc91e84, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc91e84*=0x110, lpOverlapped=0x0) returned 1 [0140.611] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0140.611] CloseHandle (hObject=0x320) returned 1 [0140.617] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.617] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d8138b0, ftCreationTime.dwHighDateTime=0x1d92a43, ftLastAccessTime.dwLowDateTime=0x7ab39480, ftLastAccessTime.dwHighDateTime=0x1d932e1, ftLastWriteTime.dwLowDateTime=0x7ab39480, ftLastWriteTime.dwHighDateTime=0x1d932e1, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pc158sefqrED.bmp", cAlternateFileName="PC158S~1.BMP")) returned 1 [0140.617] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.617] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.617] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.617] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.617] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.617] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.618] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\Pc158sefqrED.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\pc158sefqred.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc91df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0140.618] GetFileType (hFile=0x320) returned 0x1 [0140.618] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=13643) returned 1 [0140.618] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc91f38*=13643) returned 1 [0140.618] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.618] ReadFile (in: hFile=0x320, lpBuffer=0xc92140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc92140*, lpNumberOfBytesRead=0xc91ef8*=0x354b, lpOverlapped=0x0) returned 1 [0140.619] ReadFile (in: hFile=0x320, lpBuffer=0xc9568b, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc9568b*, lpNumberOfBytesRead=0xc91ef8*=0x0, lpOverlapped=0x0) returned 1 [0140.619] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3550) returned 0x15b58c0 [0140.619] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3550) returned 0x4ba7e0 [0140.619] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.620] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.620] WriteFile (in: hFile=0x320, lpBuffer=0xc97140*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0xc97140*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.621] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=20480) returned 1 [0140.621] WriteFile (in: hFile=0x320, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc91df4*=0x3000, lpOverlapped=0x0) returned 1 [0140.621] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.622] WriteFile (in: hFile=0x320, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xc91e84, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc91e84*=0x650, lpOverlapped=0x0) returned 1 [0140.622] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.622] CloseHandle (hObject=0x320) returned 1 [0140.625] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.625] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1687d3d0, ftCreationTime.dwHighDateTime=0x1d932b5, ftLastAccessTime.dwLowDateTime=0x64f41950, ftLastAccessTime.dwHighDateTime=0x1d934c9, ftLastWriteTime.dwLowDateTime=0x64f41950, ftLastWriteTime.dwHighDateTime=0x1d934c9, nFileSizeHigh=0x0, nFileSizeLow=0x8770, dwReserved0=0x0, dwReserved1=0x0, cFileName="too6KBp5JugIc.jpg", cAlternateFileName="TOO6KB~1.JPG")) returned 1 [0140.625] FileTimeToSystemTime (in: lpFileTime=0xc9bf24, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.625] FileTimeToSystemTime (in: lpFileTime=0xc9bf2c, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.626] FileTimeToSystemTime (in: lpFileTime=0xc9bf34, lpSystemTime=0xc9bec0 | out: lpSystemTime=0xc9bec0) returned 1 [0140.626] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9bec0, lpLocalTime=0xc9beb0 | out: lpLocalTime=0xc9beb0) returned 1 [0140.626] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\too6KBp5JugIc.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\too6kbp5jugic.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc91df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0140.626] GetFileType (hFile=0x320) returned 0x1 [0140.626] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=34672) returned 1 [0140.626] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc91f38*=34672) returned 1 [0140.627] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.627] ReadFile (in: hFile=0x320, lpBuffer=0xc92140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc91ef8, lpOverlapped=0x0 | out: lpBuffer=0xc92140*, lpNumberOfBytesRead=0xc91ef8*=0x5000, lpOverlapped=0x0) returned 1 [0140.627] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.627] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.629] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.629] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc91f88*=0) returned 1 [0140.629] WriteFile (in: hFile=0x320, lpBuffer=0xc97140*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0xc97140*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.629] SetFilePointerEx (in: hFile=0x320, liDistanceToMove=0x0, lpNewFilePointer=0xc91f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc91f88*=34672) returned 1 [0140.629] WriteFile (in: hFile=0x320, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc91df4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc91df4*=0x5000, lpOverlapped=0x0) returned 1 [0140.630] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0140.630] WriteFile (in: hFile=0x320, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc91e84, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc91e84*=0x110, lpOverlapped=0x0) returned 1 [0140.631] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0140.631] CloseHandle (hObject=0x320) returned 1 [0140.638] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.638] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9bf20 | out: lpFindFileData=0xc9bf20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.638] GetLastError () returned 0x12 [0140.638] GetLastError () returned 0x12 [0140.638] SetLastError (dwErrCode=0x12) [0140.638] FindClose (in: hFindFile=0x440110 | out: hFindFile=0x440110) returned 1 [0140.639] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x529cc6e0, ftCreationTime.dwHighDateTime=0x1d935d6, ftLastAccessTime.dwLowDateTime=0xb9c41ce0, ftLastAccessTime.dwHighDateTime=0x1d93619, ftLastWriteTime.dwLowDateTime=0xb9c41ce0, ftLastWriteTime.dwHighDateTime=0x1d93619, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JGs8", cAlternateFileName="翸")) returned 0 [0140.639] GetLastError () returned 0x12 [0140.639] GetLastError () returned 0x12 [0140.639] SetLastError (dwErrCode=0x12) [0140.639] FindClose (in: hFindFile=0x43ff30 | out: hFindFile=0x43ff30) returned 1 [0140.639] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2807db50, ftCreationTime.dwHighDateTime=0x1d930f3, ftLastAccessTime.dwLowDateTime=0x891ceab0, ftLastAccessTime.dwHighDateTime=0x1d933d3, ftLastWriteTime.dwLowDateTime=0x891ceab0, ftLastWriteTime.dwHighDateTime=0x1d933d3, nFileSizeHigh=0x0, nFileSizeLow=0x5f14, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="QQPwJf44SZ2yym1FzZ6q.gif", cAlternateFileName="QQPWJF~1.GIF")) returned 1 [0140.639] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.639] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.639] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.639] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.639] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.640] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.640] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\QQPwJf44SZ2yym1FzZ6q.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\qqpwjf44sz2yym1fzz6q.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.640] GetFileType (hFile=0x1b8) returned 0x1 [0140.640] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=24340) returned 1 [0140.641] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=24340) returned 1 [0140.641] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.641] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.641] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.641] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.643] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.643] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.643] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.643] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=24340) returned 1 [0140.644] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.644] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0140.645] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.645] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0140.645] CloseHandle (hObject=0x1b8) returned 1 [0140.649] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.649] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57693070, ftCreationTime.dwHighDateTime=0x1d92abc, ftLastAccessTime.dwLowDateTime=0x7ee8fa80, ftLastAccessTime.dwHighDateTime=0x1d92ac2, ftLastWriteTime.dwLowDateTime=0x7ee8fa80, ftLastWriteTime.dwHighDateTime=0x1d92ac2, nFileSizeHigh=0x0, nFileSizeLow=0xd7e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S2eTpaTNodEH.png", cAlternateFileName="S2ETPA~1.PNG")) returned 1 [0140.649] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.649] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.649] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.650] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\S2eTpaTNodEH.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\s2etpatnodeh.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.650] GetFileType (hFile=0x1b8) returned 0x1 [0140.650] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=55264) returned 1 [0140.650] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=55264) returned 1 [0140.650] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.650] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.679] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.679] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.680] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.680] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.681] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.681] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=55264) returned 1 [0140.681] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.682] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0140.682] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.683] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0140.683] CloseHandle (hObject=0x1b8) returned 1 [0140.689] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.689] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.689] GetLastError () returned 0x12 [0140.689] GetLastError () returned 0x12 [0140.689] SetLastError (dwErrCode=0x12) [0140.689] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0140.690] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7ec3740, ftCreationTime.dwHighDateTime=0x1d928cd, ftLastAccessTime.dwLowDateTime=0xd8f336a0, ftLastAccessTime.dwHighDateTime=0x1d932a9, ftLastWriteTime.dwLowDateTime=0xd8f336a0, ftLastWriteTime.dwHighDateTime=0x1d932a9, nFileSizeHigh=0x0, nFileSizeLow=0x7b7e, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="H9kLrv3 mNT.png", cAlternateFileName="H9KLRV~1.PNG")) returned 1 [0140.690] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.690] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.690] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.690] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.690] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.690] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.691] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\H9kLrv3 mNT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\h9klrv3 mnt.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.691] GetFileType (hFile=0x2e4) returned 0x1 [0140.691] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=31614) returned 1 [0140.691] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=31614) returned 1 [0140.691] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.692] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.692] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.692] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.693] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.693] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.694] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.694] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=31614) returned 1 [0140.694] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.695] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0140.695] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.696] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0140.696] CloseHandle (hObject=0x2e4) returned 1 [0140.702] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.702] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962f7d70, ftCreationTime.dwHighDateTime=0x1d92772, ftLastAccessTime.dwLowDateTime=0x19f09020, ftLastAccessTime.dwHighDateTime=0x1d935bc, ftLastWriteTime.dwLowDateTime=0x19f09020, ftLastWriteTime.dwHighDateTime=0x1d935bc, nFileSizeHigh=0x0, nFileSizeLow=0x17963, dwReserved0=0x0, dwReserved1=0x0, cFileName="ikvCOG.jpg", cAlternateFileName="")) returned 1 [0140.702] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.702] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.702] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.703] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ikvCOG.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ikvcog.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0140.703] GetFileType (hFile=0x2e4) returned 0x1 [0140.703] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=96611) returned 1 [0140.703] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=96611) returned 1 [0140.703] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.704] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0140.704] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.704] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.705] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.705] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0140.705] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.706] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=96611) returned 1 [0140.706] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0140.707] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.707] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0140.708] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.708] CloseHandle (hObject=0x2e4) returned 1 [0140.714] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.716] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa707b4f0, ftCreationTime.dwHighDateTime=0x1d92ace, ftLastAccessTime.dwLowDateTime=0x8e6f6af0, ftLastAccessTime.dwHighDateTime=0x1d92c2c, ftLastWriteTime.dwLowDateTime=0x8e6f6af0, ftLastWriteTime.dwHighDateTime=0x1d92c2c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkqOdeK", cAlternateFileName="")) returned 1 [0140.716] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.716] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.716] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.716] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43ff30 [0140.717] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.717] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.717] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.717] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa707b4f0, ftCreationTime.dwHighDateTime=0x1d92ace, ftLastAccessTime.dwLowDateTime=0x8e6f6af0, ftLastAccessTime.dwHighDateTime=0x1d92c2c, ftLastWriteTime.dwLowDateTime=0x8e6f6af0, ftLastWriteTime.dwHighDateTime=0x1d92c2c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.717] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.717] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.718] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.718] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e88760, ftCreationTime.dwHighDateTime=0x1d92c68, ftLastAccessTime.dwLowDateTime=0xcebc9390, ftLastAccessTime.dwHighDateTime=0x1d93239, ftLastWriteTime.dwLowDateTime=0xcebc9390, ftLastWriteTime.dwHighDateTime=0x1d93239, nFileSizeHigh=0x0, nFileSizeLow=0x11187, dwReserved0=0x0, dwReserved1=0x0, cFileName="LoRrpbPb3hyX.bmp", cAlternateFileName="LORRPB~1.BMP")) returned 1 [0140.718] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.718] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.718] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.718] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\LoRrpbPb3hyX.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\lorrpbpb3hyx.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.719] GetFileType (hFile=0x1b8) returned 0x1 [0140.719] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=70023) returned 1 [0140.719] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=70023) returned 1 [0140.719] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.719] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.720] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.720] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.721] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.721] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.721] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.722] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=70023) returned 1 [0140.722] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.723] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0140.723] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.724] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0140.724] CloseHandle (hObject=0x1b8) returned 1 [0140.729] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.729] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x218d2730, ftCreationTime.dwHighDateTime=0x1d929d2, ftLastAccessTime.dwLowDateTime=0xc614850, ftLastAccessTime.dwHighDateTime=0x1d933f0, ftLastWriteTime.dwLowDateTime=0xc614850, ftLastWriteTime.dwHighDateTime=0x1d933f0, nFileSizeHigh=0x0, nFileSizeLow=0x1090b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ogc4R89imU.gif", cAlternateFileName="OGC4R8~1.GIF")) returned 1 [0140.731] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.731] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.731] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.732] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\Ogc4R89imU.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\ogc4r89imu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.732] GetFileType (hFile=0x1b8) returned 0x1 [0140.732] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=67851) returned 1 [0140.732] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=67851) returned 1 [0140.732] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.733] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.733] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.733] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.734] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.734] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.734] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.735] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=67851) returned 1 [0140.735] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.735] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.736] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.736] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.736] CloseHandle (hObject=0x1b8) returned 1 [0140.741] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.741] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa492dc50, ftCreationTime.dwHighDateTime=0x1d9333d, ftLastAccessTime.dwLowDateTime=0xa5fa3fe0, ftLastAccessTime.dwHighDateTime=0x1d9357f, ftLastWriteTime.dwLowDateTime=0xa5fa3fe0, ftLastWriteTime.dwHighDateTime=0x1d9357f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SBhHtZEuj_zd1mmTI", cAlternateFileName="SBHHTZ~1")) returned 1 [0140.741] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.741] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.741] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.741] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\SBhHtZEuj_zd1mmTI\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\sbhhtzeuj_zd1mmti\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x43fe70 [0140.742] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.742] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.742] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.742] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa492dc50, ftCreationTime.dwHighDateTime=0x1d9333d, ftLastAccessTime.dwLowDateTime=0xa5fa3fe0, ftLastAccessTime.dwHighDateTime=0x1d9357f, ftLastWriteTime.dwLowDateTime=0xa5fa3fe0, ftLastWriteTime.dwHighDateTime=0x1d9357f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.742] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.742] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.743] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.743] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a094900, ftCreationTime.dwHighDateTime=0x1d92671, ftLastAccessTime.dwLowDateTime=0xec454ee0, ftLastAccessTime.dwHighDateTime=0x1d92a6c, ftLastWriteTime.dwLowDateTime=0xec454ee0, ftLastWriteTime.dwHighDateTime=0x1d92a6c, nFileSizeHigh=0x0, nFileSizeLow=0xc7a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="__S3.gif", cAlternateFileName="")) returned 1 [0140.743] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.743] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.743] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.743] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.743] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\SBhHtZEuj_zd1mmTI\\__S3.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\sbhhtzeuj_zd1mmti\\__s3.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.744] GetFileType (hFile=0x31c) returned 0x1 [0140.744] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=51105) returned 1 [0140.744] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=51105) returned 1 [0140.744] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.744] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.745] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.745] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.747] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.747] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.747] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.747] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=51105) returned 1 [0140.747] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.748] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0140.749] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.749] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0140.750] CloseHandle (hObject=0x31c) returned 1 [0140.755] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.756] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.756] GetLastError () returned 0x12 [0140.756] GetLastError () returned 0x12 [0140.756] SetLastError (dwErrCode=0x12) [0140.756] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0140.756] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa492dc50, ftCreationTime.dwHighDateTime=0x1d9333d, ftLastAccessTime.dwLowDateTime=0xa5fa3fe0, ftLastAccessTime.dwHighDateTime=0x1d9357f, ftLastWriteTime.dwLowDateTime=0xa5fa3fe0, ftLastWriteTime.dwHighDateTime=0x1d9357f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SBhHtZEuj_zd1mmTI", cAlternateFileName="翸")) returned 0 [0140.756] GetLastError () returned 0x12 [0140.756] GetLastError () returned 0x12 [0140.756] SetLastError (dwErrCode=0x12) [0140.756] FindClose (in: hFindFile=0x43ff30 | out: hFindFile=0x43ff30) returned 1 [0140.757] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x25a9fa90, ftCreationTime.dwHighDateTime=0x1d92b13, ftLastAccessTime.dwLowDateTime=0x3ee6b7a0, ftLastAccessTime.dwHighDateTime=0x1d92df7, ftLastWriteTime.dwLowDateTime=0x3ee6b7a0, ftLastWriteTime.dwHighDateTime=0x1d92df7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="s3tdcFngvww9ooYMn", cAlternateFileName="S3TDCF~1")) returned 1 [0140.757] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.757] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.757] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0140.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0140.757] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0140.757] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.758] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.758] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.758] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x25a9fa90, ftCreationTime.dwHighDateTime=0x1d92b13, ftLastAccessTime.dwLowDateTime=0x3ee6b7a0, ftLastAccessTime.dwHighDateTime=0x1d92df7, ftLastWriteTime.dwLowDateTime=0x3ee6b7a0, ftLastWriteTime.dwHighDateTime=0x1d92df7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.758] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.758] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.758] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.758] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.758] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c68de30, ftCreationTime.dwHighDateTime=0x1d93619, ftLastAccessTime.dwLowDateTime=0xba197260, ftLastAccessTime.dwHighDateTime=0x1d93625, ftLastWriteTime.dwLowDateTime=0xba197260, ftLastWriteTime.dwHighDateTime=0x1d93625, nFileSizeHigh=0x0, nFileSizeLow=0xe639, dwReserved0=0x0, dwReserved1=0x0, cFileName="-WjqwOI4uBb8V.jpg", cAlternateFileName="-WJQWO~1.JPG")) returned 1 [0140.758] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.759] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.759] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.759] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\-WjqwOI4uBb8V.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\-wjqwoi4ubb8v.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.760] GetFileType (hFile=0x1b8) returned 0x1 [0140.760] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=58937) returned 1 [0140.760] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=58937) returned 1 [0140.760] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.760] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0140.765] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.765] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.766] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.766] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.766] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.767] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=58937) returned 1 [0140.767] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.768] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0140.768] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0140.769] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0140.769] CloseHandle (hObject=0x1b8) returned 1 [0140.773] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.773] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa146c600, ftCreationTime.dwHighDateTime=0x1d928b2, ftLastAccessTime.dwLowDateTime=0x5e72a90, ftLastAccessTime.dwHighDateTime=0x1d932dc, ftLastWriteTime.dwLowDateTime=0x5e72a90, ftLastWriteTime.dwHighDateTime=0x1d932dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4wJ3vQA", cAlternateFileName="")) returned 1 [0140.773] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.773] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.773] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.773] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.774] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.774] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x43ff30 [0140.774] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.774] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.774] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.774] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa146c600, ftCreationTime.dwHighDateTime=0x1d928b2, ftLastAccessTime.dwLowDateTime=0x5e72a90, ftLastAccessTime.dwHighDateTime=0x1d932dc, ftLastWriteTime.dwLowDateTime=0x5e72a90, ftLastWriteTime.dwHighDateTime=0x1d932dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.775] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.775] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.775] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.775] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89303f0, ftCreationTime.dwHighDateTime=0x1d9322f, ftLastAccessTime.dwLowDateTime=0x14f96440, ftLastAccessTime.dwHighDateTime=0x1d932b8, ftLastWriteTime.dwLowDateTime=0x14f96440, ftLastWriteTime.dwHighDateTime=0x1d932b8, nFileSizeHigh=0x0, nFileSizeLow=0x142bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="bQzgCK.jpg", cAlternateFileName="")) returned 1 [0140.775] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.775] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.775] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.775] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.776] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\bQzgCK.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\bqzgck.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.777] GetFileType (hFile=0x31c) returned 0x1 [0140.777] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=82620) returned 1 [0140.777] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=82620) returned 1 [0140.777] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.777] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.778] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.778] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.779] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.779] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.779] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.780] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=82620) returned 1 [0140.780] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.781] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0140.781] WriteFile (in: hFile=0x31c, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.782] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0140.782] CloseHandle (hObject=0x31c) returned 1 [0140.789] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.789] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3f52840, ftCreationTime.dwHighDateTime=0x1d92e52, ftLastAccessTime.dwLowDateTime=0x8d1864f0, ftLastAccessTime.dwHighDateTime=0x1d93257, ftLastWriteTime.dwLowDateTime=0x8d1864f0, ftLastWriteTime.dwHighDateTime=0x1d93257, nFileSizeHigh=0x0, nFileSizeLow=0x12554, dwReserved0=0x0, dwReserved1=0x0, cFileName="FaNivGNUHSksG.gif", cAlternateFileName="FANIVG~1.GIF")) returned 1 [0140.789] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.789] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.789] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.789] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.789] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.789] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.790] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\FaNivGNUHSksG.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\fanivgnuhsksg.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.790] GetFileType (hFile=0x31c) returned 0x1 [0140.790] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=75092) returned 1 [0140.790] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=75092) returned 1 [0140.790] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.790] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.791] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.791] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.793] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.793] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.793] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.793] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=75092) returned 1 [0140.793] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.794] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0140.794] WriteFile (in: hFile=0x31c, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.795] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0140.795] CloseHandle (hObject=0x31c) returned 1 [0140.801] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.801] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10a57f10, ftCreationTime.dwHighDateTime=0x1d931ea, ftLastAccessTime.dwLowDateTime=0x7801b3d0, ftLastAccessTime.dwHighDateTime=0x1d934b6, ftLastWriteTime.dwLowDateTime=0x7801b3d0, ftLastWriteTime.dwHighDateTime=0x1d934b6, nFileSizeHigh=0x0, nFileSizeLow=0x13595, dwReserved0=0x0, dwReserved1=0x0, cFileName="jezQ-IVycZrs-.bmp", cAlternateFileName="JEZQ-I~1.BMP")) returned 1 [0140.801] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.801] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.801] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.802] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\jezQ-IVycZrs-.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\jezq-ivyczrs-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.802] GetFileType (hFile=0x31c) returned 0x1 [0140.802] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=79253) returned 1 [0140.802] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=79253) returned 1 [0140.802] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.802] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.803] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.803] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.804] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.804] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.804] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.805] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=79253) returned 1 [0140.805] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.806] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0140.806] WriteFile (in: hFile=0x31c, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.806] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0140.806] CloseHandle (hObject=0x31c) returned 1 [0140.820] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.820] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a98250, ftCreationTime.dwHighDateTime=0x1d928a1, ftLastAccessTime.dwLowDateTime=0x1ccafed0, ftLastAccessTime.dwHighDateTime=0x1d92fb2, ftLastWriteTime.dwLowDateTime=0x1ccafed0, ftLastWriteTime.dwHighDateTime=0x1d92fb2, nFileSizeHigh=0x0, nFileSizeLow=0x128e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7 0zS.png", cAlternateFileName="M70ZS~1.PNG")) returned 1 [0140.821] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.821] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.821] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.821] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.821] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\M7 0zS.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\m7 0zs.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.822] GetFileType (hFile=0x31c) returned 0x1 [0140.822] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=76001) returned 1 [0140.822] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=76001) returned 1 [0140.822] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.822] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.822] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.823] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.825] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.825] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.825] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.825] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=76001) returned 1 [0140.825] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.826] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0140.826] WriteFile (in: hFile=0x31c, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.827] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0140.827] CloseHandle (hObject=0x31c) returned 1 [0140.832] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.832] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a792b80, ftCreationTime.dwHighDateTime=0x1d9360c, ftLastAccessTime.dwLowDateTime=0x64a02ea0, ftLastAccessTime.dwHighDateTime=0x1d93616, ftLastWriteTime.dwLowDateTime=0x64a02ea0, ftLastWriteTime.dwHighDateTime=0x1d93616, nFileSizeHigh=0x0, nFileSizeLow=0xf435, dwReserved0=0x0, dwReserved1=0x0, cFileName="oT_jQHzD6FkulT1Y.gif", cAlternateFileName="OT_JQH~1.GIF")) returned 1 [0140.832] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.832] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.832] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.833] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\oT_jQHzD6FkulT1Y.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\ot_jqhzd6fkult1y.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.833] GetFileType (hFile=0x31c) returned 0x1 [0140.833] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=62517) returned 1 [0140.833] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=62517) returned 1 [0140.834] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.834] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.834] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.834] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.836] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.836] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.836] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.836] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=62517) returned 1 [0140.837] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.837] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.838] WriteFile (in: hFile=0x31c, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.838] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.839] CloseHandle (hObject=0x31c) returned 1 [0140.844] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.845] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.845] GetLastError () returned 0x12 [0140.845] GetLastError () returned 0x12 [0140.845] SetLastError (dwErrCode=0x12) [0140.845] FindClose (in: hFindFile=0x43ff30 | out: hFindFile=0x43ff30) returned 1 [0140.845] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1f3a4c0, ftCreationTime.dwHighDateTime=0x1d92ccb, ftLastAccessTime.dwLowDateTime=0xf30b8c60, ftLastAccessTime.dwHighDateTime=0x1d92e97, ftLastWriteTime.dwLowDateTime=0xf30b8c60, ftLastWriteTime.dwHighDateTime=0x1d92e97, nFileSizeHigh=0x0, nFileSizeLow=0x4f5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="5iJsNnxngia9PWK-bt_D.bmp", cAlternateFileName="5IJSNN~1.BMP")) returned 1 [0140.845] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.845] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.845] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.846] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\5iJsNnxngia9PWK-bt_D.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\5ijsnnxngia9pwk-bt_d.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0140.846] GetFileType (hFile=0x1b8) returned 0x1 [0140.846] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20316) returned 1 [0140.846] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=20316) returned 1 [0140.846] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.847] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x4f5c, lpOverlapped=0x0) returned 1 [0140.847] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0140.847] ReadFile (in: hFile=0x1b8, lpBuffer=0x4d2220, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc93068, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesRead=0xc93068*=0x0, lpOverlapped=0x0) returned 1 [0140.847] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4f60) returned 0x15b58c0 [0140.847] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4f60) returned 0x4ba7e0 [0140.848] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.848] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0140.849] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0140.849] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0140.849] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x4000, lpOverlapped=0x0) returned 1 [0140.850] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc92f74, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc92f74*=0x1000, lpOverlapped=0x0) returned 1 [0140.850] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x60, lpOverlapped=0x0) returned 1 [0140.851] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0140.851] CloseHandle (hObject=0x1b8) returned 1 [0140.854] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.892] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8960a0c0, ftCreationTime.dwHighDateTime=0x1d9354f, ftLastAccessTime.dwLowDateTime=0xaa4f2ad0, ftLastAccessTime.dwHighDateTime=0x1d9356e, ftLastWriteTime.dwLowDateTime=0xaa4f2ad0, ftLastWriteTime.dwHighDateTime=0x1d9356e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="60hPj", cAlternateFileName="")) returned 1 [0140.892] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.892] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.892] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.892] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.892] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0140.892] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0140.892] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9c810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9c810) returned 0x43ff30 [0140.892] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.892] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8960a0c0, ftCreationTime.dwHighDateTime=0x1d9354f, ftLastAccessTime.dwLowDateTime=0xaa4f2ad0, ftLastAccessTime.dwHighDateTime=0x1d9356e, ftLastWriteTime.dwLowDateTime=0xaa4f2ad0, ftLastWriteTime.dwHighDateTime=0x1d9356e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82ffc3b0, ftCreationTime.dwHighDateTime=0x1d933b4, ftLastAccessTime.dwLowDateTime=0xfc3c1580, ftLastAccessTime.dwHighDateTime=0x1d93567, ftLastWriteTime.dwLowDateTime=0xfc3c1580, ftLastWriteTime.dwHighDateTime=0x1d93567, nFileSizeHigh=0x0, nFileSizeLow=0x781d, dwReserved0=0x0, dwReserved1=0x0, cFileName="0i-BfxeBoDoclU3m-.bmp", cAlternateFileName="0I-BFX~1.BMP")) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.893] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.893] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.894] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.894] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.894] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\0i-BfxeBoDoclU3m-.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\0i-bfxebodoclu3m-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.894] GetFileType (hFile=0x31c) returned 0x1 [0140.894] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=30749) returned 1 [0140.894] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=30749) returned 1 [0140.894] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.895] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.895] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.895] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.896] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.896] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.896] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.896] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=30749) returned 1 [0140.897] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.897] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0140.897] WriteFile (in: hFile=0x31c, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.898] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0140.898] CloseHandle (hObject=0x31c) returned 1 [0140.901] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.901] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93cdb4d0, ftCreationTime.dwHighDateTime=0x1d93027, ftLastAccessTime.dwLowDateTime=0x6532d120, ftLastAccessTime.dwHighDateTime=0x1d930c5, ftLastWriteTime.dwLowDateTime=0x6532d120, ftLastWriteTime.dwHighDateTime=0x1d930c5, nFileSizeHigh=0x0, nFileSizeLow=0x43c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="G1KIWWVd xjOl4J I-dX.jpg", cAlternateFileName="G1KIWW~1.JPG")) returned 1 [0140.901] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.901] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.902] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.902] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.902] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.902] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.902] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\G1KIWWVd xjOl4J I-dX.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\g1kiwwvd xjol4j i-dx.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.902] GetFileType (hFile=0x31c) returned 0x1 [0140.902] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=17351) returned 1 [0140.902] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=17351) returned 1 [0140.903] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.903] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x43c7, lpOverlapped=0x0) returned 1 [0140.903] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0140.903] ReadFile (in: hFile=0x31c, lpBuffer=0x4d5250, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc92778, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesRead=0xc92778*=0x0, lpOverlapped=0x0) returned 1 [0140.903] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x43d0) returned 0x15b58c0 [0140.903] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x43d0) returned 0x4ba7e0 [0140.904] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.904] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.904] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.905] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=20480) returned 1 [0140.905] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x4000, lpOverlapped=0x0) returned 1 [0140.905] WriteFile (in: hFile=0x31c, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc92774*=0x4d0, lpOverlapped=0x0) returned 1 [0140.906] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0140.906] CloseHandle (hObject=0x31c) returned 1 [0140.908] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.909] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa4b1f0, ftCreationTime.dwHighDateTime=0x1d92d65, ftLastAccessTime.dwLowDateTime=0x5df876f0, ftLastAccessTime.dwHighDateTime=0x1d932ee, ftLastWriteTime.dwLowDateTime=0x5df876f0, ftLastWriteTime.dwHighDateTime=0x1d932ee, nFileSizeHigh=0x0, nFileSizeLow=0x7c0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OQZhyhRrm5gu.gif", cAlternateFileName="OQZHYH~1.GIF")) returned 1 [0140.909] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.909] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.909] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.909] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\OQZhyhRrm5gu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\oqzhyhrrm5gu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.910] GetFileType (hFile=0x31c) returned 0x1 [0140.910] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=31756) returned 1 [0140.910] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=31756) returned 1 [0140.910] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.910] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.911] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.911] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.913] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.913] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.913] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.913] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=31756) returned 1 [0140.913] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.914] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0140.915] WriteFile (in: hFile=0x31c, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.915] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0140.915] CloseHandle (hObject=0x31c) returned 1 [0140.919] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.919] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dae6c50, ftCreationTime.dwHighDateTime=0x1d932b8, ftLastAccessTime.dwLowDateTime=0xa4fd3b50, ftLastAccessTime.dwHighDateTime=0x1d93508, ftLastWriteTime.dwLowDateTime=0xa4fd3b50, ftLastWriteTime.dwHighDateTime=0x1d93508, nFileSizeHigh=0x0, nFileSizeLow=0xb4e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XpUr.gif", cAlternateFileName="")) returned 1 [0140.919] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.919] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.920] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.920] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.920] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\XpUr.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\xpur.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.920] GetFileType (hFile=0x31c) returned 0x1 [0140.921] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=46308) returned 1 [0140.921] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=46308) returned 1 [0140.921] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.921] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.922] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.922] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0140.923] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0140.923] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.923] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.924] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=46308) returned 1 [0140.924] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0140.925] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0140.925] WriteFile (in: hFile=0x31c, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0140.925] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0140.926] CloseHandle (hObject=0x31c) returned 1 [0140.929] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0140.929] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda182480, ftCreationTime.dwHighDateTime=0x1d925f9, ftLastAccessTime.dwLowDateTime=0xdd7e6410, ftLastAccessTime.dwHighDateTime=0x1d92674, ftLastWriteTime.dwLowDateTime=0xdd7e6410, ftLastWriteTime.dwHighDateTime=0x1d92674, nFileSizeHigh=0x0, nFileSizeLow=0x148dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="zEVmASXzrNvdV1gT-HkQ.gif", cAlternateFileName="ZEVMAS~1.GIF")) returned 1 [0140.930] FileTimeToSystemTime (in: lpFileTime=0xc9c814, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.930] FileTimeToSystemTime (in: lpFileTime=0xc9c81c, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.930] FileTimeToSystemTime (in: lpFileTime=0xc9c824, lpSystemTime=0xc9c7b0 | out: lpSystemTime=0xc9c7b0) returned 1 [0140.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9c7b0, lpLocalTime=0xc9c7a0 | out: lpLocalTime=0xc9c7a0) returned 1 [0140.930] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\zEVmASXzrNvdV1gT-HkQ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\zevmasxzrnvdv1gt-hkq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc926e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0140.931] GetFileType (hFile=0x31c) returned 0x1 [0140.931] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=84188) returned 1 [0140.931] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc92828*=84188) returned 1 [0140.931] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0140.931] ReadFile (in: hFile=0x31c, lpBuffer=0xc92a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc927e8, lpOverlapped=0x0 | out: lpBuffer=0xc92a30*, lpNumberOfBytesRead=0xc927e8*=0x5000, lpOverlapped=0x0) returned 1 [0140.932] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0140.932] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.005] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.005] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc92878*=0) returned 1 [0141.005] WriteFile (in: hFile=0x31c, lpBuffer=0xc97a30*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0xc97a30*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0141.006] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xc92878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc92878*=84188) returned 1 [0141.006] WriteFile (in: hFile=0x31c, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc926e4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc926e4*=0x5000, lpOverlapped=0x0) returned 1 [0141.007] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0141.007] WriteFile (in: hFile=0x31c, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc92774, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc92774*=0x110, lpOverlapped=0x0) returned 1 [0141.008] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0141.008] CloseHandle (hObject=0x31c) returned 1 [0141.016] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.016] FindNextFileW (in: hFindFile=0x43ff30, lpFindFileData=0xc9c810 | out: lpFindFileData=0xc9c810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.016] GetLastError () returned 0x12 [0141.016] GetLastError () returned 0x12 [0141.016] SetLastError (dwErrCode=0x12) [0141.016] FindClose (in: hFindFile=0x43ff30 | out: hFindFile=0x43ff30) returned 1 [0141.017] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523962e0, ftCreationTime.dwHighDateTime=0x1d932f1, ftLastAccessTime.dwLowDateTime=0x45272a00, ftLastAccessTime.dwHighDateTime=0x1d93338, ftLastWriteTime.dwLowDateTime=0x45272a00, ftLastWriteTime.dwHighDateTime=0x1d93338, nFileSizeHigh=0x0, nFileSizeLow=0x20b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="85SciJrMWEx8uK.bmp", cAlternateFileName="85SCIJ~1.BMP")) returned 1 [0141.017] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.017] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.017] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.017] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.017] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.017] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.017] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\85SciJrMWEx8uK.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\85scijrmwex8uk.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0141.018] GetFileType (hFile=0x1b8) returned 0x1 [0141.018] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=8374) returned 1 [0141.018] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=8374) returned 1 [0141.018] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.018] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x20b6, lpOverlapped=0x0) returned 1 [0141.019] ReadFile (in: hFile=0x1b8, lpBuffer=0xc953d6, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc953d6*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0141.019] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20c0) returned 0x15b58c0 [0141.019] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x20c0) returned 0x15b7990 [0141.020] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.020] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.020] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.021] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0141.021] WriteFile (in: hFile=0x1b8, lpBuffer=0x15b7990*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15b7990*, lpNumberOfBytesWritten=0xc92fd4*=0x2000, lpOverlapped=0x0) returned 1 [0141.022] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0141.022] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x1c0, lpOverlapped=0x0) returned 1 [0141.023] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0141.023] CloseHandle (hObject=0x1b8) returned 1 [0141.026] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b7990 | out: hHeap=0x430000) returned 1 [0141.027] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7eccd40, ftCreationTime.dwHighDateTime=0x1d935e3, ftLastAccessTime.dwLowDateTime=0x753b93d0, ftLastAccessTime.dwHighDateTime=0x1d93607, ftLastWriteTime.dwLowDateTime=0x753b93d0, ftLastWriteTime.dwHighDateTime=0x1d93607, nFileSizeHigh=0x0, nFileSizeLow=0x129b, dwReserved0=0x0, dwReserved1=0x0, cFileName="aWf4X0dmD13O.jpg", cAlternateFileName="AWF4X0~1.JPG")) returned 1 [0141.027] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.027] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.027] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.027] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.027] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.028] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.028] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\aWf4X0dmD13O.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\awf4x0dmd13o.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0141.028] GetFileType (hFile=0x1b8) returned 0x1 [0141.028] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=4763) returned 1 [0141.029] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=4763) returned 1 [0141.029] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.029] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x129b, lpOverlapped=0x0) returned 1 [0141.029] ReadFile (in: hFile=0x1b8, lpBuffer=0xc945bb, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc945bb*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0141.029] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x12a0) returned 0x4b55c0 [0141.029] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x12a0) returned 0x15b58c0 [0141.030] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4b55c0 | out: hHeap=0x430000) returned 1 [0141.030] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.030] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.031] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0141.031] WriteFile (in: hFile=0x1b8, lpBuffer=0x15b58c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x15b58c0*, lpNumberOfBytesWritten=0xc92fd4*=0x1000, lpOverlapped=0x0) returned 1 [0141.032] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.032] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x3a0, lpOverlapped=0x0) returned 1 [0141.033] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.033] CloseHandle (hObject=0x1b8) returned 1 [0141.037] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.037] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4ea87b0, ftCreationTime.dwHighDateTime=0x1d933b0, ftLastAccessTime.dwLowDateTime=0x40154050, ftLastAccessTime.dwHighDateTime=0x1d933fc, ftLastWriteTime.dwLowDateTime=0x40154050, ftLastWriteTime.dwHighDateTime=0x1d933fc, nFileSizeHigh=0x0, nFileSizeLow=0x18102, dwReserved0=0x0, dwReserved1=0x0, cFileName="BiT3GPRXCpn.bmp", cAlternateFileName="BIT3GP~1.BMP")) returned 1 [0141.037] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.037] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.038] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.038] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.038] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.038] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\BiT3GPRXCpn.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\bit3gprxcpn.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0141.038] GetFileType (hFile=0x1b8) returned 0x1 [0141.039] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=98562) returned 1 [0141.039] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=98562) returned 1 [0141.039] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.039] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0141.040] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.040] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.041] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.041] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.041] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.058] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=98562) returned 1 [0141.059] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.059] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.060] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0141.060] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.060] CloseHandle (hObject=0x1b8) returned 1 [0141.067] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.067] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73c7bcf0, ftCreationTime.dwHighDateTime=0x1d9307f, ftLastAccessTime.dwLowDateTime=0x32005f60, ftLastAccessTime.dwHighDateTime=0x1d93120, ftLastWriteTime.dwLowDateTime=0x32005f60, ftLastWriteTime.dwHighDateTime=0x1d93120, nFileSizeHigh=0x0, nFileSizeLow=0xb18d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NMRVXijqDWuZSGmsqvb.png", cAlternateFileName="NMRVXI~1.PNG")) returned 1 [0141.067] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.067] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.067] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.067] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.067] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.067] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.067] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\NMRVXijqDWuZSGmsqvb.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\nmrvxijqdwuzsgmsqvb.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0141.068] GetFileType (hFile=0x1b8) returned 0x1 [0141.068] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=45453) returned 1 [0141.068] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=45453) returned 1 [0141.068] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.068] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0141.069] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.069] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.070] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.070] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.071] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.071] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=45453) returned 1 [0141.071] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.073] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.075] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0141.076] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.076] CloseHandle (hObject=0x1b8) returned 1 [0141.080] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.080] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.080] GetLastError () returned 0x12 [0141.080] GetLastError () returned 0x12 [0141.080] SetLastError (dwErrCode=0x12) [0141.081] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0141.081] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0141.081] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.081] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.081] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.081] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.081] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.081] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.081] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0141.082] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.082] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.082] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.082] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.082] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.082] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.082] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.082] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.082] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.083] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.083] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.083] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.083] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.083] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0141.083] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.083] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.083] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.083] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.083] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.083] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.084] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0141.084] GetFileType (hFile=0x1b8) returned 0x1 [0141.084] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=190) returned 1 [0141.084] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=190) returned 1 [0141.084] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.085] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0xbe, lpOverlapped=0x0) returned 1 [0141.086] ReadFile (in: hFile=0x1b8, lpBuffer=0xc933de, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc933de*, lpNumberOfBytesRead=0xc930d8*=0x0, lpOverlapped=0x0) returned 1 [0141.086] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xc0) returned 0x454220 [0141.086] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xc0) returned 0x453860 [0141.087] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x454220 | out: hHeap=0x430000) returned 1 [0141.087] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.087] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.091] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=20480) returned 1 [0141.091] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0141.091] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93064*=0x1c0, lpOverlapped=0x0) returned 1 [0141.092] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0141.092] CloseHandle (hObject=0x1b8) returned 1 [0141.094] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x453860 | out: hHeap=0x430000) returned 1 [0141.095] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.095] GetLastError () returned 0x12 [0141.095] GetLastError () returned 0x12 [0141.095] SetLastError (dwErrCode=0x12) [0141.095] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0141.095] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x612f43b0, ftCreationTime.dwHighDateTime=0x1d92e27, ftLastAccessTime.dwLowDateTime=0xbf0df060, ftLastAccessTime.dwHighDateTime=0x1d9307c, ftLastWriteTime.dwLowDateTime=0xbf0df060, ftLastWriteTime.dwHighDateTime=0x1d9307c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="vRF7wRGj7", cAlternateFileName="VRF7WR~1")) returned 1 [0141.095] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.095] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.095] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.095] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.095] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.096] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vRF7wRGj7\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vrf7wrgj7\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d100) returned 0x43fe70 [0141.096] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.096] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.096] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.096] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x612f43b0, ftCreationTime.dwHighDateTime=0x1d92e27, ftLastAccessTime.dwLowDateTime=0xbf0df060, ftLastAccessTime.dwHighDateTime=0x1d9307c, ftLastWriteTime.dwLowDateTime=0xbf0df060, ftLastWriteTime.dwHighDateTime=0x1d9307c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.097] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.097] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.097] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.097] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.097] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.097] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.097] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdea78c90, ftCreationTime.dwHighDateTime=0x1d92f4d, ftLastAccessTime.dwLowDateTime=0x5707d4c0, ftLastAccessTime.dwHighDateTime=0x1d9324a, ftLastWriteTime.dwLowDateTime=0x5707d4c0, ftLastWriteTime.dwHighDateTime=0x1d9324a, nFileSizeHigh=0x0, nFileSizeLow=0x108d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="1p9Ew2bGHhhJcLgW.gif", cAlternateFileName="1P9EW2~1.GIF")) returned 1 [0141.097] FileTimeToSystemTime (in: lpFileTime=0xc9d104, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.097] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.097] FileTimeToSystemTime (in: lpFileTime=0xc9d10c, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.097] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.098] FileTimeToSystemTime (in: lpFileTime=0xc9d114, lpSystemTime=0xc9d0a0 | out: lpSystemTime=0xc9d0a0) returned 1 [0141.098] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d0a0, lpLocalTime=0xc9d090 | out: lpLocalTime=0xc9d090) returned 1 [0141.098] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vRF7wRGj7\\1p9Ew2bGHhhJcLgW.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vrf7wrgj7\\1p9ew2bghhhjclgw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc92fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0141.098] GetFileType (hFile=0x1b8) returned 0x1 [0141.098] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=67796) returned 1 [0141.099] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93118*=67796) returned 1 [0141.099] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.099] ReadFile (in: hFile=0x1b8, lpBuffer=0xc93320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc930d8, lpOverlapped=0x0 | out: lpBuffer=0xc93320*, lpNumberOfBytesRead=0xc930d8*=0x5000, lpOverlapped=0x0) returned 1 [0141.100] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.100] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.101] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.101] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93168*=0) returned 1 [0141.101] WriteFile (in: hFile=0x1b8, lpBuffer=0xc98320*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0xc98320*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.102] SetFilePointerEx (in: hFile=0x1b8, liDistanceToMove=0x0, lpNewFilePointer=0xc93168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93168*=67796) returned 1 [0141.102] WriteFile (in: hFile=0x1b8, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc92fd4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc92fd4*=0x5000, lpOverlapped=0x0) returned 1 [0141.103] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0141.103] WriteFile (in: hFile=0x1b8, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93064, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93064*=0x110, lpOverlapped=0x0) returned 1 [0141.104] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0141.104] CloseHandle (hObject=0x1b8) returned 1 [0141.166] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.166] FindNextFileW (in: hFindFile=0x43fe70, lpFindFileData=0xc9d100 | out: lpFindFileData=0xc9d100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.166] GetLastError () returned 0x12 [0141.166] GetLastError () returned 0x12 [0141.166] SetLastError (dwErrCode=0x12) [0141.166] FindClose (in: hFindFile=0x43fe70 | out: hFindFile=0x43fe70) returned 1 [0141.166] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x612f43b0, ftCreationTime.dwHighDateTime=0x1d92e27, ftLastAccessTime.dwLowDateTime=0xbf0df060, ftLastAccessTime.dwHighDateTime=0x1d9307c, ftLastWriteTime.dwLowDateTime=0xbf0df060, ftLastWriteTime.dwHighDateTime=0x1d9307c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="vRF7wRGj7", cAlternateFileName="翸")) returned 0 [0141.166] GetLastError () returned 0x12 [0141.167] GetLastError () returned 0x12 [0141.168] SetLastError (dwErrCode=0x12) [0141.168] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0141.168] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0141.168] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.168] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.168] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.168] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.168] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.168] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.168] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\PrintHood\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\printhood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0141.169] GetLastError () returned 0x5 [0141.169] GetLastError () returned 0x5 [0141.169] SetLastError (dwErrCode=0x5) [0141.169] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Recent", cAlternateFileName="")) returned 1 [0141.169] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.169] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.169] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.169] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.169] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.169] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.169] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\recent\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0141.171] GetLastError () returned 0x5 [0141.171] GetLastError () returned 0x5 [0141.171] SetLastError (dwErrCode=0x5) [0141.171] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0141.171] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.171] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.171] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.171] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.172] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.172] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.172] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0141.172] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.172] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.172] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.172] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.172] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.172] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.172] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="..", cAlternateFileName="")) returned 1 [0141.173] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.173] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.173] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.173] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.181] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.181] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.181] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0141.181] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.181] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.182] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.182] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.182] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.182] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.182] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.182] GetFileType (hFile=0x2e4) returned 0x1 [0141.183] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=282) returned 1 [0141.183] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=282) returned 1 [0141.183] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.183] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x11a, lpOverlapped=0x0) returned 1 [0141.184] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93d2a, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93d2a*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x120) returned 0x15bbe30 [0141.184] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x120) returned 0x15bc090 [0141.185] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bbe30 | out: hHeap=0x430000) returned 1 [0141.185] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.186] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.190] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.190] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0141.190] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x220, lpOverlapped=0x0) returned 1 [0141.197] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0141.197] CloseHandle (hObject=0x2e4) returned 1 [0141.201] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15bc090 | out: hHeap=0x430000) returned 1 [0141.201] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.201] GetLastError () returned 0x12 [0141.201] GetLastError () returned 0x12 [0141.201] SetLastError (dwErrCode=0x12) [0141.201] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0141.201] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Searches", cAlternateFileName="")) returned 1 [0141.201] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.201] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.202] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.202] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.202] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.202] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.202] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x440110 [0141.202] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.202] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.203] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.203] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.203] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.203] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.203] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.203] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.203] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.203] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.203] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.203] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.203] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.203] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0141.203] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.204] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.204] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.204] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.204] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.204] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.204] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.204] GetFileType (hFile=0x2e4) returned 0x1 [0141.205] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=524) returned 1 [0141.205] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=524) returned 1 [0141.205] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.205] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x20c, lpOverlapped=0x0) returned 1 [0141.206] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93e1c, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93e1c*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.206] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x210) returned 0x517700 [0141.206] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x210) returned 0x517b40 [0141.207] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x517700 | out: hHeap=0x430000) returned 1 [0141.207] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.207] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.217] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.217] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.217] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x310, lpOverlapped=0x0) returned 1 [0141.218] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.218] CloseHandle (hObject=0x2e4) returned 1 [0141.220] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x517b40 | out: hHeap=0x430000) returned 1 [0141.221] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0141.222] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.222] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.222] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.222] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.222] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.222] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.222] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0141.223] GetLastError () returned 0x5 [0141.223] GetLastError () returned 0x5 [0141.223] SetLastError (dwErrCode=0x5) [0141.223] GetLastError () returned 0x5 [0141.223] SetLastError (dwErrCode=0x5) [0141.223] GetLastError () returned 0x5 [0141.223] SetLastError (dwErrCode=0x5) [0141.223] GetLastError () returned 0x5 [0141.224] SetLastError (dwErrCode=0x5) [0141.224] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0141.224] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.224] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.227] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.227] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.227] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.227] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.227] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0141.228] GetLastError () returned 0x5 [0141.228] GetLastError () returned 0x5 [0141.228] SetLastError (dwErrCode=0x5) [0141.228] GetLastError () returned 0x5 [0141.228] SetLastError (dwErrCode=0x5) [0141.228] GetLastError () returned 0x5 [0141.228] SetLastError (dwErrCode=0x5) [0141.228] GetLastError () returned 0x5 [0141.228] SetLastError (dwErrCode=0x5) [0141.228] FindNextFileW (in: hFindFile=0x440110, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.228] GetLastError () returned 0x12 [0141.228] GetLastError () returned 0x12 [0141.228] SetLastError (dwErrCode=0x12) [0141.228] FindClose (in: hFindFile=0x440110 | out: hFindFile=0x440110) returned 1 [0141.228] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="SendTo", cAlternateFileName="")) returned 1 [0141.229] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.229] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.229] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.229] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.229] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.229] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.229] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0141.229] GetLastError () returned 0x5 [0141.229] GetLastError () returned 0x5 [0141.229] SetLastError (dwErrCode=0x5) [0141.229] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0141.229] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.229] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.229] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.229] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.230] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.230] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.230] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Start Menu\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\start menu\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0141.230] GetLastError () returned 0x5 [0141.230] GetLastError () returned 0x5 [0141.230] SetLastError (dwErrCode=0x5) [0141.230] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0141.230] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.230] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.230] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.230] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.230] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.230] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.231] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Templates\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\templates\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0xffffffffffffffff [0141.231] GetLastError () returned 0x5 [0141.231] GetLastError () returned 0x5 [0141.231] SetLastError (dwErrCode=0x5) [0141.231] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1aee205, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1aee205, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Videos", cAlternateFileName="")) returned 1 [0141.231] FileTimeToSystemTime (in: lpFileTime=0xc9e2e4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.231] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.231] FileTimeToSystemTime (in: lpFileTime=0xc9e2ec, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.231] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.231] FileTimeToSystemTime (in: lpFileTime=0xc9e2f4, lpSystemTime=0xc9e280 | out: lpSystemTime=0xc9e280) returned 1 [0141.231] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9e280, lpLocalTime=0xc9e270 | out: lpLocalTime=0xc9e270) returned 1 [0141.231] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xc9d9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xc9d9f0) returned 0x43fdb0 [0141.232] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.232] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.232] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.232] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.232] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.232] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.232] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1aee205, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1aee205, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.232] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.232] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.232] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.232] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.232] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.232] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.233] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x913acd0, ftCreationTime.dwHighDateTime=0x1d9266f, ftLastAccessTime.dwLowDateTime=0x8b1a3a90, ftLastAccessTime.dwHighDateTime=0x1d93381, ftLastWriteTime.dwLowDateTime=0x8b1a3a90, ftLastWriteTime.dwHighDateTime=0x1d93381, nFileSizeHigh=0x0, nFileSizeLow=0x7765, dwReserved0=0x0, dwReserved1=0x0, cFileName="20JqE Cm5e6wvbNcfi.flv", cAlternateFileName="20JQEC~1.FLV")) returned 1 [0141.233] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.233] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.233] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.233] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.233] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.233] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.233] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\20JqE Cm5e6wvbNcfi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\20jqe cm5e6wvbncfi.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.234] GetFileType (hFile=0x2e4) returned 0x1 [0141.234] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=30565) returned 1 [0141.234] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=30565) returned 1 [0141.234] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.234] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.234] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.235] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.237] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.237] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.237] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.237] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=30565) returned 1 [0141.237] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.238] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0141.238] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.239] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0141.243] CloseHandle (hObject=0x2e4) returned 1 [0141.249] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.249] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4d36d0, ftCreationTime.dwHighDateTime=0x1d925d8, ftLastAccessTime.dwLowDateTime=0x57feaf0, ftLastAccessTime.dwHighDateTime=0x1d92c52, ftLastWriteTime.dwLowDateTime=0x57feaf0, ftLastWriteTime.dwHighDateTime=0x1d92c52, nFileSizeHigh=0x0, nFileSizeLow=0xac44, dwReserved0=0x0, dwReserved1=0x0, cFileName="450j6K2lEvQhK3n.avi", cAlternateFileName="450J6K~1.AVI")) returned 1 [0141.249] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.249] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.249] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.249] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.249] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.249] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.250] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\450j6K2lEvQhK3n.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\450j6k2levqhk3n.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.250] GetFileType (hFile=0x2e4) returned 0x1 [0141.250] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=44100) returned 1 [0141.250] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=44100) returned 1 [0141.250] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.251] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.251] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.251] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.252] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.252] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.252] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.253] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=44100) returned 1 [0141.253] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.254] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0141.254] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.254] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0141.258] CloseHandle (hObject=0x2e4) returned 1 [0141.262] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.262] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2c3b3e0, ftCreationTime.dwHighDateTime=0x1d92f19, ftLastAccessTime.dwLowDateTime=0x41de72b0, ftLastAccessTime.dwHighDateTime=0x1d9346c, ftLastWriteTime.dwLowDateTime=0x41de72b0, ftLastWriteTime.dwHighDateTime=0x1d9346c, nFileSizeHigh=0x0, nFileSizeLow=0x14c5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5KrU43Tq4lU3ovL.swf", cAlternateFileName="5KRU43~1.SWF")) returned 1 [0141.262] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.262] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.262] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.262] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.262] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.262] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.263] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\5KrU43Tq4lU3ovL.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\5kru43tq4lu3ovl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.263] GetFileType (hFile=0x2e4) returned 0x1 [0141.263] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=85087) returned 1 [0141.263] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=85087) returned 1 [0141.263] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.264] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.264] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.264] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.265] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.265] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.265] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.266] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=85087) returned 1 [0141.266] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.267] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0141.267] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.268] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0141.268] CloseHandle (hObject=0x2e4) returned 1 [0141.277] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.277] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaa138c0, ftCreationTime.dwHighDateTime=0x1d92adc, ftLastAccessTime.dwLowDateTime=0xa6c9fd20, ftLastAccessTime.dwHighDateTime=0x1d92b25, ftLastWriteTime.dwLowDateTime=0xa6c9fd20, ftLastWriteTime.dwHighDateTime=0x1d92b25, nFileSizeHigh=0x0, nFileSizeLow=0xdd63, dwReserved0=0x0, dwReserved1=0x0, cFileName="6h1ZcPvX-.avi", cAlternateFileName="6H1ZCP~1.AVI")) returned 1 [0141.277] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.277] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.277] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.277] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.277] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.277] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.278] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\6h1ZcPvX-.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\6h1zcpvx-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.278] GetFileType (hFile=0x2e4) returned 0x1 [0141.278] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=56675) returned 1 [0141.278] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=56675) returned 1 [0141.278] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.278] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.279] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.279] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.280] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.280] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.281] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.281] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=56675) returned 1 [0141.281] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.283] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0141.283] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.286] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0141.291] CloseHandle (hObject=0x2e4) returned 1 [0141.297] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.297] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf5f3460, ftCreationTime.dwHighDateTime=0x1d9328f, ftLastAccessTime.dwLowDateTime=0xecf41bf0, ftLastAccessTime.dwHighDateTime=0x1d93471, ftLastWriteTime.dwLowDateTime=0xecf41bf0, ftLastWriteTime.dwHighDateTime=0x1d93471, nFileSizeHigh=0x0, nFileSizeLow=0x50d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="6xGdnFO5Q_.mp4", cAlternateFileName="6XGDNF~1.MP4")) returned 1 [0141.297] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.297] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.298] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.298] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.298] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.298] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.298] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\6xGdnFO5Q_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\6xgdnfo5q_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.299] GetFileType (hFile=0x2e4) returned 0x1 [0141.299] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20692) returned 1 [0141.299] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=20692) returned 1 [0141.299] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.299] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.300] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.300] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.301] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.301] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.321] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.322] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20692) returned 1 [0141.322] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.323] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.323] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.324] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.324] CloseHandle (hObject=0x2e4) returned 1 [0141.328] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.328] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x724b1470, ftCreationTime.dwHighDateTime=0x1d92f81, ftLastAccessTime.dwLowDateTime=0xb9e25070, ftLastAccessTime.dwHighDateTime=0x1d933ee, ftLastWriteTime.dwLowDateTime=0xb9e25070, ftLastWriteTime.dwHighDateTime=0x1d933ee, nFileSizeHigh=0x0, nFileSizeLow=0xbced, dwReserved0=0x0, dwReserved1=0x0, cFileName="aoyCAw5Qajftw0RqZ.mkv", cAlternateFileName="AOYCAW~1.MKV")) returned 1 [0141.328] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.328] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.328] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.328] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.328] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.328] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.328] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\aoyCAw5Qajftw0RqZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\aoycaw5qajftw0rqz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.329] GetFileType (hFile=0x2e4) returned 0x1 [0141.329] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=48365) returned 1 [0141.329] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=48365) returned 1 [0141.329] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.329] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.330] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.330] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.331] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.331] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.332] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.332] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=48365) returned 1 [0141.332] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.337] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0141.337] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.338] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0141.338] CloseHandle (hObject=0x2e4) returned 1 [0141.343] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.343] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc12ac2e0, ftCreationTime.dwHighDateTime=0x1d9325e, ftLastAccessTime.dwLowDateTime=0x2f71e30, ftLastAccessTime.dwHighDateTime=0x1d9360b, ftLastWriteTime.dwLowDateTime=0x2f71e30, ftLastWriteTime.dwHighDateTime=0x1d9360b, nFileSizeHigh=0x0, nFileSizeLow=0x18378, dwReserved0=0x0, dwReserved1=0x0, cFileName="auWbn4Aenq.mp4", cAlternateFileName="AUWBN4~1.MP4")) returned 1 [0141.343] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.343] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.343] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.343] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.343] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.343] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.344] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\auWbn4Aenq.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\auwbn4aenq.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.344] GetFileType (hFile=0x2e4) returned 0x1 [0141.344] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=99192) returned 1 [0141.344] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=99192) returned 1 [0141.344] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.345] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.345] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.345] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.346] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.346] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.347] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.347] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=99192) returned 1 [0141.347] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.368] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0141.368] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.369] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0141.369] CloseHandle (hObject=0x2e4) returned 1 [0141.410] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.410] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1fb820, ftCreationTime.dwHighDateTime=0x1d93144, ftLastAccessTime.dwLowDateTime=0x793ee2b0, ftLastAccessTime.dwHighDateTime=0x1d9338d, ftLastWriteTime.dwLowDateTime=0x793ee2b0, ftLastWriteTime.dwHighDateTime=0x1d9338d, nFileSizeHigh=0x0, nFileSizeLow=0x88e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="cFQCAjt-9.avi", cAlternateFileName="CFQCAJ~1.AVI")) returned 1 [0141.411] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.411] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.411] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.411] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.412] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.412] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.412] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\cFQCAjt-9.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\cfqcajt-9.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.413] GetFileType (hFile=0x2e4) returned 0x1 [0141.413] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=35042) returned 1 [0141.413] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=35042) returned 1 [0141.413] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.413] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.414] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.414] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.416] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.416] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.416] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.416] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=35042) returned 1 [0141.416] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.417] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.417] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.418] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.418] CloseHandle (hObject=0x2e4) returned 1 [0141.425] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.425] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7caa20, ftCreationTime.dwHighDateTime=0x1d935d0, ftLastAccessTime.dwLowDateTime=0xac33ce40, ftLastAccessTime.dwHighDateTime=0x1d935fb, ftLastWriteTime.dwLowDateTime=0xac33ce40, ftLastWriteTime.dwHighDateTime=0x1d935fb, nFileSizeHigh=0x0, nFileSizeLow=0xa806, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLdzw536TG.mp4", cAlternateFileName="CLDZW5~1.MP4")) returned 1 [0141.425] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.425] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.425] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.425] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.425] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.425] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.426] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\CLdzw536TG.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\cldzw536tg.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.426] GetFileType (hFile=0x2e4) returned 0x1 [0141.426] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=43014) returned 1 [0141.426] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=43014) returned 1 [0141.430] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.430] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.430] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.430] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.432] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.432] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.432] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.432] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=43014) returned 1 [0141.433] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.433] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0141.434] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.434] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0141.434] CloseHandle (hObject=0x2e4) returned 1 [0141.439] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.439] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98d38680, ftCreationTime.dwHighDateTime=0x1d926d1, ftLastAccessTime.dwLowDateTime=0xdf1464e0, ftLastAccessTime.dwHighDateTime=0x1d9343f, ftLastWriteTime.dwLowDateTime=0xdf1464e0, ftLastWriteTime.dwHighDateTime=0x1d9343f, nFileSizeHigh=0x0, nFileSizeLow=0xc6a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="CXrX4S7HWEbBL.swf", cAlternateFileName="CXRX4S~1.SWF")) returned 1 [0141.439] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.439] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.439] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.439] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.439] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.440] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.440] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\CXrX4S7HWEbBL.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\cxrx4s7hwebbl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.440] GetFileType (hFile=0x2e4) returned 0x1 [0141.440] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=50849) returned 1 [0141.440] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=50849) returned 1 [0141.441] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.441] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.441] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.441] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.442] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.443] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.443] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.443] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=50849) returned 1 [0141.443] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.447] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0141.447] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.448] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0141.448] CloseHandle (hObject=0x2e4) returned 1 [0141.452] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.452] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0141.452] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.452] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.452] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.452] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.453] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.453] GetFileType (hFile=0x2e4) returned 0x1 [0141.453] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=504) returned 1 [0141.453] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=504) returned 1 [0141.454] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.454] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x1f8, lpOverlapped=0x0) returned 1 [0141.455] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93e08, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93e08*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.455] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4749a0 [0141.455] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x200) returned 0x4759a0 [0141.456] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4749a0 | out: hHeap=0x430000) returned 1 [0141.456] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.456] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.462] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.463] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0141.463] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x300, lpOverlapped=0x0) returned 1 [0141.464] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0141.464] CloseHandle (hObject=0x2e4) returned 1 [0141.466] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4759a0 | out: hHeap=0x430000) returned 1 [0141.466] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30051800, ftCreationTime.dwHighDateTime=0x1d934b7, ftLastAccessTime.dwLowDateTime=0x77157a90, ftLastAccessTime.dwHighDateTime=0x1d93620, ftLastWriteTime.dwLowDateTime=0x77157a90, ftLastWriteTime.dwHighDateTime=0x1d93620, nFileSizeHigh=0x0, nFileSizeLow=0x494e, dwReserved0=0x0, dwReserved1=0x0, cFileName="dOhOXBSwvqLZkoH9xQ.swf", cAlternateFileName="DOHOXB~1.SWF")) returned 1 [0141.467] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.467] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.467] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.467] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.467] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dOhOXBSwvqLZkoH9xQ.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\dohoxbswvqlzkoh9xq.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.468] GetFileType (hFile=0x2e4) returned 0x1 [0141.468] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=18766) returned 1 [0141.468] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=18766) returned 1 [0141.468] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.468] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x494e, lpOverlapped=0x0) returned 1 [0141.469] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0141.469] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d9290, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc93958, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesRead=0xc93958*=0x0, lpOverlapped=0x0) returned 1 [0141.469] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4950) returned 0x15b58c0 [0141.469] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x4950) returned 0x4ba7e0 [0141.470] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.470] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.470] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.471] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.471] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x4000, lpOverlapped=0x0) returned 1 [0141.472] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93954*=0xa50, lpOverlapped=0x0) returned 1 [0141.473] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0141.473] CloseHandle (hObject=0x2e4) returned 1 [0141.481] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.481] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb704b00, ftCreationTime.dwHighDateTime=0x1d92d59, ftLastAccessTime.dwLowDateTime=0x159080a0, ftLastAccessTime.dwHighDateTime=0x1d935d8, ftLastWriteTime.dwLowDateTime=0x159080a0, ftLastWriteTime.dwHighDateTime=0x1d935d8, nFileSizeHigh=0x0, nFileSizeLow=0x1241c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DXvT6A.swf", cAlternateFileName="")) returned 1 [0141.482] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.482] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.482] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.482] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.482] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.482] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.482] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\DXvT6A.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\dxvt6a.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.483] GetFileType (hFile=0x2e4) returned 0x1 [0141.483] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=74780) returned 1 [0141.483] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=74780) returned 1 [0141.483] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.483] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.484] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.484] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.486] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.486] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.486] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.486] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=74780) returned 1 [0141.487] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.487] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d7270 [0141.488] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d7270*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d7270*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.488] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d7270 | out: hHeap=0x430000) returned 1 [0141.488] CloseHandle (hObject=0x2e4) returned 1 [0141.498] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.498] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3332d90, ftCreationTime.dwHighDateTime=0x1d92610, ftLastAccessTime.dwLowDateTime=0x6987b900, ftLastAccessTime.dwHighDateTime=0x1d92f28, ftLastWriteTime.dwLowDateTime=0x6987b900, ftLastWriteTime.dwHighDateTime=0x1d92f28, nFileSizeHigh=0x0, nFileSizeLow=0x119ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_kC7XGuuJT.mp4", cAlternateFileName="D_KC7X~1.MP4")) returned 1 [0141.498] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.498] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.498] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.498] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.499] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.499] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.499] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\D_kC7XGuuJT.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\d_kc7xguujt.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.499] GetFileType (hFile=0x2e4) returned 0x1 [0141.499] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=72172) returned 1 [0141.499] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=72172) returned 1 [0141.499] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.500] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.500] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.500] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.501] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.501] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.501] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.501] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=72172) returned 1 [0141.501] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.502] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0141.502] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.503] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0141.503] CloseHandle (hObject=0x2e4) returned 1 [0141.514] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.514] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dc6aa30, ftCreationTime.dwHighDateTime=0x1d92beb, ftLastAccessTime.dwLowDateTime=0x1d0f8390, ftLastAccessTime.dwHighDateTime=0x1d92e8e, ftLastWriteTime.dwLowDateTime=0x1d0f8390, ftLastWriteTime.dwHighDateTime=0x1d92e8e, nFileSizeHigh=0x0, nFileSizeLow=0xade, dwReserved0=0x0, dwReserved1=0x0, cFileName="FLXxvVNl.swf", cAlternateFileName="")) returned 1 [0141.514] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.514] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.514] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.514] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.514] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.514] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.515] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\FLXxvVNl.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\flxxvvnl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.515] GetFileType (hFile=0x2e4) returned 0x1 [0141.515] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=2782) returned 1 [0141.515] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=2782) returned 1 [0141.515] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.516] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0xade, lpOverlapped=0x0) returned 1 [0141.516] ReadFile (in: hFile=0x2e4, lpBuffer=0xc946ee, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc946ee*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.516] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xae0) returned 0x462ff0 [0141.516] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xae0) returned 0x15b3760 [0141.517] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0141.517] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.517] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.518] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.518] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.518] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0xbe0, lpOverlapped=0x0) returned 1 [0141.519] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.519] CloseHandle (hObject=0x2e4) returned 1 [0141.525] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b3760 | out: hHeap=0x430000) returned 1 [0141.525] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef1e4a50, ftCreationTime.dwHighDateTime=0x1d92b2e, ftLastAccessTime.dwLowDateTime=0x3e3fb280, ftLastAccessTime.dwHighDateTime=0x1d935a8, ftLastWriteTime.dwLowDateTime=0x3e3fb280, ftLastWriteTime.dwHighDateTime=0x1d935a8, nFileSizeHigh=0x0, nFileSizeLow=0x6244, dwReserved0=0x0, dwReserved1=0x0, cFileName="i3QToQLiB.mkv", cAlternateFileName="I3QTOQ~1.MKV")) returned 1 [0141.526] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.526] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.526] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.526] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.526] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.526] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.526] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\i3QToQLiB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\i3qtoqlib.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.527] GetFileType (hFile=0x2e4) returned 0x1 [0141.527] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=25156) returned 1 [0141.527] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=25156) returned 1 [0141.527] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.527] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.528] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.528] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.529] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.529] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.529] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.530] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=25156) returned 1 [0141.530] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.530] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d5250 [0141.531] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d5250*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d5250*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.531] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d5250 | out: hHeap=0x430000) returned 1 [0141.531] CloseHandle (hObject=0x2e4) returned 1 [0141.534] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.534] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfea92210, ftCreationTime.dwHighDateTime=0x1d932ef, ftLastAccessTime.dwLowDateTime=0x6ed45240, ftLastAccessTime.dwHighDateTime=0x1d93529, ftLastWriteTime.dwLowDateTime=0x6ed45240, ftLastWriteTime.dwHighDateTime=0x1d93529, nFileSizeHigh=0x0, nFileSizeLow=0xff7b, dwReserved0=0x0, dwReserved1=0x0, cFileName="L8br.swf", cAlternateFileName="")) returned 1 [0141.535] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.535] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.535] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.535] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.535] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.535] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.535] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\L8br.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\l8br.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.535] GetFileType (hFile=0x2e4) returned 0x1 [0141.536] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=65403) returned 1 [0141.539] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=65403) returned 1 [0141.539] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.539] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.540] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.540] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.541] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.541] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.541] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.541] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=65403) returned 1 [0141.542] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.542] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.542] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.543] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.543] CloseHandle (hObject=0x2e4) returned 1 [0141.550] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.550] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa066c250, ftCreationTime.dwHighDateTime=0x1d92a8b, ftLastAccessTime.dwLowDateTime=0x74a550b0, ftLastAccessTime.dwHighDateTime=0x1d92dd7, ftLastWriteTime.dwLowDateTime=0x74a550b0, ftLastWriteTime.dwHighDateTime=0x1d92dd7, nFileSizeHigh=0x0, nFileSizeLow=0x1c4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="m6XkSaeR.avi", cAlternateFileName="")) returned 1 [0141.550] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.550] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.550] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.550] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.550] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.551] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.551] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\m6XkSaeR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\m6xksaer.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.551] GetFileType (hFile=0x2e4) returned 0x1 [0141.556] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=7245) returned 1 [0141.556] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=7245) returned 1 [0141.556] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.556] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x1c4d, lpOverlapped=0x0) returned 1 [0141.557] ReadFile (in: hFile=0x2e4, lpBuffer=0xc9585d, nNumberOfBytesToRead=0x3000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc9585d*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.557] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1c50) returned 0x15b58c0 [0141.557] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1c50) returned 0x15b7520 [0141.557] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.557] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.558] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.558] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.559] WriteFile (in: hFile=0x2e4, lpBuffer=0x15b7520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x15b7520*, lpNumberOfBytesWritten=0xc938c4*=0x1000, lpOverlapped=0x0) returned 1 [0141.559] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.559] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0xd50, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0xd50, lpOverlapped=0x0) returned 1 [0141.560] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.560] CloseHandle (hObject=0x2e4) returned 1 [0141.563] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b7520 | out: hHeap=0x430000) returned 1 [0141.563] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf1830a0, ftCreationTime.dwHighDateTime=0x1d92cd3, ftLastAccessTime.dwLowDateTime=0x897dd1d0, ftLastAccessTime.dwHighDateTime=0x1d930d2, ftLastWriteTime.dwLowDateTime=0x897dd1d0, ftLastWriteTime.dwHighDateTime=0x1d930d2, nFileSizeHigh=0x0, nFileSizeLow=0x12885, dwReserved0=0x0, dwReserved1=0x0, cFileName="Nfz8xn.flv", cAlternateFileName="")) returned 1 [0141.563] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.563] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.563] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.563] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.563] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.563] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.564] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Nfz8xn.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\nfz8xn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.564] GetFileType (hFile=0x2e4) returned 0x1 [0141.564] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=75909) returned 1 [0141.564] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=75909) returned 1 [0141.564] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.564] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.565] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.565] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.567] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.567] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.567] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.568] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=75909) returned 1 [0141.568] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.571] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.572] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.572] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.572] CloseHandle (hObject=0x2e4) returned 1 [0141.577] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.577] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86077f80, ftCreationTime.dwHighDateTime=0x1d9296e, ftLastAccessTime.dwLowDateTime=0x95b2cfd0, ftLastAccessTime.dwHighDateTime=0x1d930e8, ftLastWriteTime.dwLowDateTime=0x95b2cfd0, ftLastWriteTime.dwHighDateTime=0x1d930e8, nFileSizeHigh=0x0, nFileSizeLow=0x94bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="qv8vJ_2.flv", cAlternateFileName="")) returned 1 [0141.577] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.577] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.577] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.577] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.578] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.578] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.578] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\qv8vJ_2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\qv8vj_2.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.578] GetFileType (hFile=0x2e4) returned 0x1 [0141.578] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=38077) returned 1 [0141.579] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=38077) returned 1 [0141.579] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.579] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.579] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.579] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.581] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.581] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.581] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.581] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=38077) returned 1 [0141.581] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.583] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d8280 [0141.586] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d8280*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d8280*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.587] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d8280 | out: hHeap=0x430000) returned 1 [0141.587] CloseHandle (hObject=0x2e4) returned 1 [0141.592] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.592] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbcc4dd0, ftCreationTime.dwHighDateTime=0x1d92b83, ftLastAccessTime.dwLowDateTime=0xb7d5f640, ftLastAccessTime.dwHighDateTime=0x1d92dba, ftLastWriteTime.dwLowDateTime=0xb7d5f640, ftLastWriteTime.dwHighDateTime=0x1d92dba, nFileSizeHigh=0x0, nFileSizeLow=0x818, dwReserved0=0x0, dwReserved1=0x0, cFileName="r4 aP8m.mp4", cAlternateFileName="R4AP8M~1.MP4")) returned 1 [0141.592] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.592] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.592] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.592] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.592] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.592] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.593] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\r4 aP8m.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r4 ap8m.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.593] GetFileType (hFile=0x2e4) returned 0x1 [0141.593] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=2072) returned 1 [0141.593] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=2072) returned 1 [0141.593] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.594] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x818, lpOverlapped=0x0) returned 1 [0141.594] ReadFile (in: hFile=0x2e4, lpBuffer=0xc94428, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc94428*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.594] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x820) returned 0x462ff0 [0141.594] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x820) returned 0x463820 [0141.595] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0141.595] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.595] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.596] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.596] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.596] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x920, lpOverlapped=0x0) returned 1 [0141.597] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.597] CloseHandle (hObject=0x2e4) returned 1 [0141.621] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x463820 | out: hHeap=0x430000) returned 1 [0141.621] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca767330, ftCreationTime.dwHighDateTime=0x1d9339e, ftLastAccessTime.dwLowDateTime=0xf9e5b570, ftLastAccessTime.dwHighDateTime=0x1d933d2, ftLastWriteTime.dwLowDateTime=0xf9e5b570, ftLastWriteTime.dwHighDateTime=0x1d933d2, nFileSizeHigh=0x0, nFileSizeLow=0xfd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RtNwIB-43m.swf", cAlternateFileName="RTNWIB~1.SWF")) returned 1 [0141.621] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.621] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.621] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.621] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.621] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.621] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.621] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\RtNwIB-43m.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\rtnwib-43m.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.622] GetFileType (hFile=0x2e4) returned 0x1 [0141.622] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=4055) returned 1 [0141.622] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=4055) returned 1 [0141.622] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.622] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0xfd7, lpOverlapped=0x0) returned 1 [0141.622] ReadFile (in: hFile=0x2e4, lpBuffer=0xc94be7, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc94be7*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.623] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xfe0) returned 0x462ff0 [0141.623] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0xfe0) returned 0x15b3760 [0141.623] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x462ff0 | out: hHeap=0x430000) returned 1 [0141.624] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.624] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.625] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.625] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.625] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xc93864, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93864*=0x1000, lpOverlapped=0x0) returned 1 [0141.626] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0xe0, lpOverlapped=0x0) returned 1 [0141.626] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.627] CloseHandle (hObject=0x2e4) returned 1 [0141.630] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b3760 | out: hHeap=0x430000) returned 1 [0141.633] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce4f54f0, ftCreationTime.dwHighDateTime=0x1d92bb9, ftLastAccessTime.dwLowDateTime=0x23dc44d0, ftLastAccessTime.dwHighDateTime=0x1d93008, ftLastWriteTime.dwLowDateTime=0x23dc44d0, ftLastWriteTime.dwHighDateTime=0x1d93008, nFileSizeHigh=0x0, nFileSizeLow=0x17a11, dwReserved0=0x0, dwReserved1=0x0, cFileName="rx_L5.mkv", cAlternateFileName="")) returned 1 [0141.633] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.633] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.633] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.633] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.633] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.633] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.634] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\rx_L5.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\rx_l5.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.634] GetFileType (hFile=0x2e4) returned 0x1 [0141.634] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=96785) returned 1 [0141.634] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=96785) returned 1 [0141.634] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.635] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.635] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.635] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.636] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.637] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.637] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.637] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=96785) returned 1 [0141.637] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.638] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.638] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.639] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.639] CloseHandle (hObject=0x2e4) returned 1 [0141.645] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.645] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e20860, ftCreationTime.dwHighDateTime=0x1d930db, ftLastAccessTime.dwLowDateTime=0xae2698d0, ftLastAccessTime.dwHighDateTime=0x1d93593, ftLastWriteTime.dwLowDateTime=0xae2698d0, ftLastWriteTime.dwHighDateTime=0x1d93593, nFileSizeHigh=0x0, nFileSizeLow=0x1173e, dwReserved0=0x0, dwReserved1=0x0, cFileName="sb8Hk69e2bii.mkv", cAlternateFileName="SB8HK6~1.MKV")) returned 1 [0141.648] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.648] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.649] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.649] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.649] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\sb8Hk69e2bii.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\sb8hk69e2bii.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.649] GetFileType (hFile=0x2e4) returned 0x1 [0141.649] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=71486) returned 1 [0141.650] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=71486) returned 1 [0141.650] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.650] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.650] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.650] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.652] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.652] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.652] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.653] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=71486) returned 1 [0141.653] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.654] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d9290 [0141.654] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d9290*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d9290*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.655] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d9290 | out: hHeap=0x430000) returned 1 [0141.655] CloseHandle (hObject=0x2e4) returned 1 [0141.660] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.660] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x304e39b0, ftCreationTime.dwHighDateTime=0x1d92b19, ftLastAccessTime.dwLowDateTime=0xd9dea160, ftLastAccessTime.dwHighDateTime=0x1d92f22, ftLastWriteTime.dwLowDateTime=0xd9dea160, ftLastWriteTime.dwHighDateTime=0x1d92f22, nFileSizeHigh=0x0, nFileSizeLow=0x1298d, dwReserved0=0x0, dwReserved1=0x0, cFileName="selU_KIo.avi", cAlternateFileName="")) returned 1 [0141.660] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.660] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.660] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.660] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.660] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.660] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.758] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\selU_KIo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\selu_kio.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.758] GetFileType (hFile=0x2e4) returned 0x1 [0141.758] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=76173) returned 1 [0141.759] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=76173) returned 1 [0141.759] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.759] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.759] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.762] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.764] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.764] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.764] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.765] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=76173) returned 1 [0141.765] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.766] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0141.766] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.767] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0141.767] CloseHandle (hObject=0x2e4) returned 1 [0141.773] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.776] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7363fa0, ftCreationTime.dwHighDateTime=0x1d9301e, ftLastAccessTime.dwLowDateTime=0x54a2c80, ftLastAccessTime.dwHighDateTime=0x1d93206, ftLastWriteTime.dwLowDateTime=0x54a2c80, ftLastWriteTime.dwHighDateTime=0x1d93206, nFileSizeHigh=0x0, nFileSizeLow=0xebd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="SVaiBlmdG1piqxMJ1.swf", cAlternateFileName="SVAIBL~1.SWF")) returned 1 [0141.776] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.776] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.776] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.777] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\SVaiBlmdG1piqxMJ1.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\svaiblmdg1piqxmj1.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.777] GetFileType (hFile=0x2e4) returned 0x1 [0141.777] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=60369) returned 1 [0141.777] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=60369) returned 1 [0141.777] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.778] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.778] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.778] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.779] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.779] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.780] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.780] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=60369) returned 1 [0141.780] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.781] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d3230 [0141.781] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d3230*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d3230*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.782] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d3230 | out: hHeap=0x430000) returned 1 [0141.782] CloseHandle (hObject=0x2e4) returned 1 [0141.790] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.791] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b124ae0, ftCreationTime.dwHighDateTime=0x1d9361e, ftLastAccessTime.dwLowDateTime=0xb3898960, ftLastAccessTime.dwHighDateTime=0x1d93627, ftLastWriteTime.dwLowDateTime=0xb3898960, ftLastWriteTime.dwHighDateTime=0x1d93627, nFileSizeHigh=0x0, nFileSizeLow=0xeca4, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1eNTJHkZu7fh3.flv", cAlternateFileName="W1ENTJ~1.FLV")) returned 1 [0141.791] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.791] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.791] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.791] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\w1eNTJHkZu7fh3.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\w1entjhkzu7fh3.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.792] GetFileType (hFile=0x2e4) returned 0x1 [0141.792] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=60580) returned 1 [0141.792] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=60580) returned 1 [0141.792] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.792] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.793] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.793] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.794] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.794] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.794] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.795] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=60580) returned 1 [0141.795] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.796] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.796] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.797] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.797] CloseHandle (hObject=0x2e4) returned 1 [0141.837] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.837] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7c75830, ftCreationTime.dwHighDateTime=0x1d92944, ftLastAccessTime.dwLowDateTime=0x80514530, ftLastAccessTime.dwHighDateTime=0x1d93517, ftLastWriteTime.dwLowDateTime=0x80514530, ftLastWriteTime.dwHighDateTime=0x1d93517, nFileSizeHigh=0x0, nFileSizeLow=0x47ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wax 7.mp4", cAlternateFileName="WAX7~1.MP4")) returned 1 [0141.837] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.837] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.838] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.838] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.838] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.838] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Wax 7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\wax 7.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.838] GetFileType (hFile=0x2e4) returned 0x1 [0141.838] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=18349) returned 1 [0141.838] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=18349) returned 1 [0141.839] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.839] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x47ad, lpOverlapped=0x0) returned 1 [0141.839] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d6260 [0141.839] ReadFile (in: hFile=0x2e4, lpBuffer=0x4d6260, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc93958, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesRead=0xc93958*=0x0, lpOverlapped=0x0) returned 1 [0141.839] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x47b0) returned 0x15b58c0 [0141.839] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x47b0) returned 0x4ba7e0 [0141.840] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.840] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.840] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.841] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.841] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x4000, lpOverlapped=0x0) returned 1 [0141.841] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d6260*, nNumberOfBytesToWrite=0x8b0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d6260*, lpNumberOfBytesWritten=0xc93954*=0x8b0, lpOverlapped=0x0) returned 1 [0141.842] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d6260 | out: hHeap=0x430000) returned 1 [0141.842] CloseHandle (hObject=0x2e4) returned 1 [0141.845] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.845] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf15325d0, ftCreationTime.dwHighDateTime=0x1d9313b, ftLastAccessTime.dwLowDateTime=0xf1127f00, ftLastAccessTime.dwHighDateTime=0x1d9321a, ftLastWriteTime.dwLowDateTime=0xf1127f00, ftLastWriteTime.dwHighDateTime=0x1d9321a, nFileSizeHigh=0x0, nFileSizeLow=0x122fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="zUyYqWvMI4.flv", cAlternateFileName="ZUYYQW~1.FLV")) returned 1 [0141.845] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.845] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.846] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.846] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\zUyYqWvMI4.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\zuyyqwvmi4.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.846] GetFileType (hFile=0x2e4) returned 0x1 [0141.846] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=74491) returned 1 [0141.847] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=74491) returned 1 [0141.847] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.847] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x5000, lpOverlapped=0x0) returned 1 [0141.847] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x15b58c0 [0141.847] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x5010) returned 0x4ba7e0 [0141.849] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.849] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.849] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.852] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=74491) returned 1 [0141.853] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.853] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d2220 [0141.854] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d2220*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d2220*, lpNumberOfBytesWritten=0xc93954*=0x110, lpOverlapped=0x0) returned 1 [0141.854] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d2220 | out: hHeap=0x430000) returned 1 [0141.854] CloseHandle (hObject=0x2e4) returned 1 [0141.859] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.859] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x476668a0, ftCreationTime.dwHighDateTime=0x1d92c06, ftLastAccessTime.dwLowDateTime=0x62061e60, ftLastAccessTime.dwHighDateTime=0x1d92f69, ftLastWriteTime.dwLowDateTime=0x62061e60, ftLastWriteTime.dwHighDateTime=0x1d92f69, nFileSizeHigh=0x0, nFileSizeLow=0x3297, dwReserved0=0x0, dwReserved1=0x0, cFileName="_93Ekpde.swf", cAlternateFileName="")) returned 1 [0141.859] FileTimeToSystemTime (in: lpFileTime=0xc9d9f4, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.859] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.859] FileTimeToSystemTime (in: lpFileTime=0xc9d9fc, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.860] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.860] FileTimeToSystemTime (in: lpFileTime=0xc9da04, lpSystemTime=0xc9d990 | out: lpSystemTime=0xc9d990) returned 1 [0141.860] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xc9d990, lpLocalTime=0xc9d980 | out: lpLocalTime=0xc9d980) returned 1 [0141.860] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\_93Ekpde.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\_93ekpde.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xc938c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0141.860] GetFileType (hFile=0x2e4) returned 0x1 [0141.860] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=12951) returned 1 [0141.861] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xc93a08*=12951) returned 1 [0141.861] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.861] ReadFile (in: hFile=0x2e4, lpBuffer=0xc93c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc93c10*, lpNumberOfBytesRead=0xc939c8*=0x3297, lpOverlapped=0x0) returned 1 [0141.861] ReadFile (in: hFile=0x2e4, lpBuffer=0xc96ea7, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc939c8, lpOverlapped=0x0 | out: lpBuffer=0xc96ea7*, lpNumberOfBytesRead=0xc939c8*=0x0, lpOverlapped=0x0) returned 1 [0141.861] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x32a0) returned 0x15b58c0 [0141.861] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x32a0) returned 0x4ba7e0 [0141.862] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x15b58c0 | out: hHeap=0x430000) returned 1 [0141.863] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xc93a58*=0) returned 1 [0141.863] WriteFile (in: hFile=0x2e4, lpBuffer=0xc98c10*, nNumberOfBytesToWrite=0x5000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0xc98c10*, lpNumberOfBytesWritten=0xc938c4*=0x5000, lpOverlapped=0x0) returned 1 [0141.864] SetFilePointerEx (in: hFile=0x2e4, liDistanceToMove=0x0, lpNewFilePointer=0xc93a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xc93a58*=20480) returned 1 [0141.864] WriteFile (in: hFile=0x2e4, lpBuffer=0x4ba7e0*, nNumberOfBytesToWrite=0x3000, lpNumberOfBytesWritten=0xc938c4, lpOverlapped=0x0 | out: lpBuffer=0x4ba7e0*, lpNumberOfBytesWritten=0xc938c4*=0x3000, lpOverlapped=0x0) returned 1 [0141.865] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x1000) returned 0x4d4240 [0141.868] WriteFile (in: hFile=0x2e4, lpBuffer=0x4d4240*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xc93954, lpOverlapped=0x0 | out: lpBuffer=0x4d4240*, lpNumberOfBytesWritten=0xc93954*=0x3a0, lpOverlapped=0x0) returned 1 [0141.869] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4d4240 | out: hHeap=0x430000) returned 1 [0141.869] CloseHandle (hObject=0x2e4) returned 1 [0141.872] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x4ba7e0 | out: hHeap=0x430000) returned 1 [0141.872] FindNextFileW (in: hFindFile=0x43fdb0, lpFindFileData=0xc9d9f0 | out: lpFindFileData=0xc9d9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.872] GetLastError () returned 0x12 [0141.872] GetLastError () returned 0x12 [0141.872] SetLastError (dwErrCode=0x12) [0141.872] FindClose (in: hFindFile=0x43fdb0 | out: hFindFile=0x43fdb0) returned 1 [0141.873] FindNextFileW (in: hFindFile=0x440710, lpFindFileData=0xc9e2e0 | out: lpFindFileData=0xc9e2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1aee205, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1aee205, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Videos", cAlternateFileName="翸")) returned 0 [0141.873] GetLastError () returned 0x12 [0141.873] GetLastError () returned 0x12 [0141.873] SetLastError (dwErrCode=0x12) [0141.873] FindClose (in: hFindFile=0x440710 | out: hFindFile=0x440710) returned 1 [0141.873] FindNextFileW (in: hFindFile=0x440350, lpFindFileData=0xc9ebd0 | out: lpFindFileData=0xc9ebd0*(dwFileAttributes=0x3a0043, ftCreationTime.dwLowDateTime=0x55005c, ftCreationTime.dwHighDateTime=0x650073, ftLastAccessTime.dwLowDateTime=0x730072, ftLastAccessTime.dwHighDateTime=0x52005c, ftLastWriteTime.dwLowDateTime=0x680044, ftLastWriteTime.dwHighDateTime=0x30004a, nFileSizeHigh=0x4e0043, nFileSizeLow=0x650046, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Videos\\", cAlternateFileName="翸")) returned 0 [0141.873] GetLastError () returned 0x12 [0141.873] GetLastError () returned 0x12 [0141.873] SetLastError (dwErrCode=0x12) [0141.873] FindClose (in: hFindFile=0x440350 | out: hFindFile=0x440350) returned 1 [0141.874] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x43f670 | out: hHeap=0x430000) returned 1 [0141.875] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x45cc70 | out: hHeap=0x430000) returned 1 Thread: id = 392 os_tid = 0x1350 [0129.851] GetLastError () returned 0x57 [0129.851] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45f950 [0129.851] SetLastError (dwErrCode=0x57) [0129.851] GetLastError () returned 0x57 [0129.851] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x47bc10 [0129.851] SetLastError (dwErrCode=0x57) Thread: id = 393 os_tid = 0x1354 [0129.852] GetLastError () returned 0x57 [0129.852] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45f9e0 [0129.852] SetLastError (dwErrCode=0x57) [0129.852] GetLastError () returned 0x57 [0129.852] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x47c7a0 [0129.852] SetLastError (dwErrCode=0x57) Thread: id = 394 os_tid = 0x1358 [0130.321] GetLastError () returned 0x57 [0130.321] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45fa70 [0130.321] SetLastError (dwErrCode=0x57) [0130.321] GetLastError () returned 0x57 [0130.321] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x4780e0 [0130.321] SetLastError (dwErrCode=0x57) Thread: id = 395 os_tid = 0x135c [0130.416] GetLastError () returned 0x57 [0130.416] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45fb00 [0130.416] SetLastError (dwErrCode=0x57) [0130.416] GetLastError () returned 0x57 [0130.416] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x46c560 [0130.416] SetLastError (dwErrCode=0x57) Thread: id = 396 os_tid = 0x1360 [0130.417] GetLastError () returned 0x57 [0130.417] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45fb90 [0130.417] SetLastError (dwErrCode=0x57) [0130.417] GetLastError () returned 0x57 [0130.418] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x48cb80 [0130.418] SetLastError (dwErrCode=0x57) Thread: id = 397 os_tid = 0x1368 [0130.555] GetLastError () returned 0x57 [0130.556] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45fc20 [0130.556] SetLastError (dwErrCode=0x57) [0130.556] GetLastError () returned 0x57 [0130.556] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x4734e0 [0130.556] SetLastError (dwErrCode=0x57) Thread: id = 398 os_tid = 0x1364 [0130.663] GetLastError () returned 0x57 [0130.664] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45fcb0 [0130.664] SetLastError (dwErrCode=0x57) [0130.664] GetLastError () returned 0x57 [0130.664] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x473cd0 [0130.664] SetLastError (dwErrCode=0x57) Thread: id = 401 os_tid = 0x1374 [0131.796] GetLastError () returned 0x57 [0131.796] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x80) returned 0x45fe60 [0131.796] SetLastError (dwErrCode=0x57) [0131.796] GetLastError () returned 0x57 [0131.796] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x3c8) returned 0x477420 [0131.797] SetLastError (dwErrCode=0x57) Process: id = "17" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x36458000" os_pid = "0x1348" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x131c" cmd_line = "cmd.exe /c taskkill /f /im msdtc.exe" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1774 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1775 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1776 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1777 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 1778 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 1779 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1780 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1781 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1782 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1783 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1784 start_va = 0x7ff6d1610000 end_va = 0x7ff6d1669fff monitored = 1 entry_point = 0x7ff6d16253f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 1785 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2059 start_va = 0x400000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2074 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2075 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2076 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2077 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2078 start_va = 0x520000 end_va = 0x5ddfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2695 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2696 start_va = 0x5e0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2697 start_va = 0x6e0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006e0000" filename = "" Region: id = 2698 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2802 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2804 start_va = 0x7b0000 end_va = 0xae6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 391 os_tid = 0x134c [0137.227] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff6d1610000 [0137.227] __set_app_type (_Type=0x1) [0137.227] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff6d1625700) returned 0x0 [0137.227] __getmainargs (in: _Argc=0x7ff6d1640108, _Argv=0x7ff6d1640110, _Env=0x7ff6d1640118, _DoWildCard=0, _StartInfo=0x7ff6d1640124 | out: _Argc=0x7ff6d1640108, _Argv=0x7ff6d1640110, _Env=0x7ff6d1640118) returned 0 [0137.228] GetCurrentThreadId () returned 0x134c [0137.228] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x134c) returned 0x6c [0137.228] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ff901c50000 [0137.228] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetThreadUILanguage") returned 0x7ff901c73270 [0137.228] SetThreadUILanguage (LangId=0x0) returned 0x409 [0137.309] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0137.310] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x14fed8 | out: phkResult=0x14fed8*=0x0) returned 0x2 [0137.310] VirtualQuery (in: lpAddress=0x14fec4, lpBuffer=0x14fe40, dwLength=0x30 | out: lpBuffer=0x14fe40*(BaseAddress=0x14f000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff803, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffff8000)) returned 0x30 [0137.310] VirtualQuery (in: lpAddress=0x50000, lpBuffer=0x14fe40, dwLength=0x30 | out: lpBuffer=0x14fe40*(BaseAddress=0x50000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff803, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0xffff8000)) returned 0x30 [0137.310] VirtualQuery (in: lpAddress=0x51000, lpBuffer=0x14fe40, dwLength=0x30 | out: lpBuffer=0x14fe40*(BaseAddress=0x51000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff803, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0xffff8000)) returned 0x30 [0137.310] VirtualQuery (in: lpAddress=0x54000, lpBuffer=0x14fe40, dwLength=0x30 | out: lpBuffer=0x14fe40*(BaseAddress=0x54000, AllocationBase=0x50000, AllocationProtect=0x4, __alignment1=0xfffff803, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0xffff8000)) returned 0x30 [0137.310] VirtualQuery (in: lpAddress=0x150000, lpBuffer=0x14fe40, dwLength=0x30 | out: lpBuffer=0x14fe40*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x2, __alignment1=0xfffff803, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000, __alignment2=0xffff8000)) returned 0x30 [0137.310] GetConsoleOutputCP () returned 0x1b5 [0137.374] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff6d1649660 | out: lpCPInfo=0x7ff6d1649660) returned 1 [0137.374] SetConsoleCtrlHandler (HandlerRoutine=0x7ff6d1632ad0, Add=1) returned 1 [0137.375] _get_osfhandle (_FileHandle=1) returned 0x24 [0137.375] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x0) returned 1 [0137.544] _get_osfhandle (_FileHandle=1) returned 0x24 [0137.544] GetConsoleMode (in: hConsoleHandle=0x24, lpMode=0x7ff6d164960c | out: lpMode=0x7ff6d164960c) returned 1 [0137.721] _get_osfhandle (_FileHandle=1) returned 0x24 [0137.721] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x7) returned 1 [0137.921] _get_osfhandle (_FileHandle=0) returned 0x20 [0137.921] GetConsoleMode (in: hConsoleHandle=0x20, lpMode=0x7ff6d1649608 | out: lpMode=0x7ff6d1649608) returned 1 [0138.216] _get_osfhandle (_FileHandle=0) returned 0x20 [0138.216] SetConsoleMode (hConsoleHandle=0x20, dwMode=0x1a7) returned 1 [0138.494] GetEnvironmentStringsW () returned 0x425580* [0138.494] GetProcessHeap () returned 0x420000 [0138.494] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xa3e) returned 0x425fd0 [0138.496] memcpy (in: _Dst=0x425fd0, _Src=0x425580, _Size=0xa3e | out: _Dst=0x425fd0) returned 0x425fd0 [0138.496] FreeEnvironmentStringsA (penv="A") returned 1 [0138.496] GetProcessHeap () returned 0x420000 [0138.496] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x8) returned 0x421ff0 [0138.496] GetEnvironmentStringsW () returned 0x425580* [0138.496] GetProcessHeap () returned 0x420000 [0138.496] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xa3e) returned 0x426a20 [0138.496] memcpy (in: _Dst=0x426a20, _Src=0x425580, _Size=0xa3e | out: _Dst=0x426a20) returned 0x426a20 [0138.496] FreeEnvironmentStringsA (penv="A") returned 1 [0138.496] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14ed88 | out: phkResult=0x14ed88*=0x78) returned 0x0 [0138.496] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x0, lpData=0x14eda0*=0x0, lpcbData=0x14ed84*=0x1000) returned 0x2 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x1, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x0, lpData=0x14eda0*=0x1, lpcbData=0x14ed84*=0x1000) returned 0x2 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x0, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x40, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x40, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x0, lpData=0x14eda0*=0x40, lpcbData=0x14ed84*=0x1000) returned 0x2 [0138.497] RegCloseKey (hKey=0x78) returned 0x0 [0138.497] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x14ed88 | out: phkResult=0x14ed88*=0x78) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x0, lpData=0x14eda0*=0x40, lpcbData=0x14ed84*=0x1000) returned 0x2 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x1, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x0, lpData=0x14eda0*=0x1, lpcbData=0x14ed84*=0x1000) returned 0x2 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x0, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.497] RegQueryValueExW (in: hKey=0x78, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x9, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.498] RegQueryValueExW (in: hKey=0x78, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x4, lpData=0x14eda0*=0x9, lpcbData=0x14ed84*=0x4) returned 0x0 [0138.498] RegQueryValueExW (in: hKey=0x78, lpValueName="AutoRun", lpReserved=0x0, lpType=0x14ed80, lpData=0x14eda0, lpcbData=0x14ed84*=0x1000 | out: lpType=0x14ed80*=0x0, lpData=0x14eda0*=0x9, lpcbData=0x14ed84*=0x1000) returned 0x2 [0138.498] RegCloseKey (hKey=0x78) returned 0x0 [0138.498] time (in: timer=0x0 | out: timer=0x0) returned 0x63f79bf1 [0138.498] srand (_Seed=0x63f79bf1) [0138.498] GetCommandLineW () returned="cmd.exe /c taskkill /f /im msdtc.exe" [0138.498] GetCommandLineW () returned="cmd.exe /c taskkill /f /im msdtc.exe" [0138.498] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff6d1651940 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1d [0138.498] GetProcessHeap () returned 0x420000 [0138.498] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x218) returned 0x4255b0 [0138.499] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4255c0, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0138.499] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x9c [0138.499] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0138.499] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0138.499] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0138.499] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0138.499] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0138.499] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0138.499] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0138.499] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0138.499] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0138.499] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0138.500] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0138.500] GetProcessHeap () returned 0x420000 [0138.500] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x425fd0) returned 1 [0138.500] GetEnvironmentStringsW () returned 0x4257d0* [0138.500] GetProcessHeap () returned 0x420000 [0138.500] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xa56) returned 0x427ed0 [0138.501] memcpy (in: _Dst=0x427ed0, _Src=0x4257d0, _Size=0xa56 | out: _Dst=0x427ed0) returned 0x427ed0 [0138.501] FreeEnvironmentStringsA (penv="A") returned 1 [0138.501] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x1b [0138.501] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0138.501] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0138.501] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0138.501] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0138.501] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0138.501] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0138.501] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0138.501] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0138.501] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0138.501] GetProcessHeap () returned 0x420000 [0138.501] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x4c) returned 0x428930 [0138.501] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x14fb90 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1d [0138.502] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x104, lpBuffer=0x14fb90, lpFilePart=0x14fb70 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x14fb70*="Desktop") returned 0x1d [0138.502] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop")) returned 0x11 [0138.502] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x14f8a0 | out: lpFindFileData=0x14f8a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x428990 [0138.503] FindClose (in: hFindFile=0x428990 | out: hFindFile=0x428990) returned 1 [0138.503] memcpy (in: _Dst=0x14fb96, _Src=0x14f8cc, _Size=0xa | out: _Dst=0x14fb96) returned 0x14fb96 [0138.503] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX" (normalized: "c:\\users\\rdhj0cnfevzx"), lpFindFileData=0x14f8a0 | out: lpFindFileData=0x14f8a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 0x420720 [0138.504] FindClose (in: hFindFile=0x420720 | out: hFindFile=0x420720) returned 1 [0138.504] _wcsnicmp (_String1="RDHJ0C~1", _String2="RDhJ0CNFevzX", _MaxCount=0xc) returned 16 [0138.504] memcpy (in: _Dst=0x14fba2, _Src=0x14f8cc, _Size=0x18 | out: _Dst=0x14fba2) returned 0x14fba2 [0138.504] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop"), lpFindFileData=0x14f8a0 | out: lpFindFileData=0x14f8a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x70b46c13, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x70b46c13, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 0x420720 [0138.504] FindClose (in: hFindFile=0x420720 | out: hFindFile=0x420720) returned 1 [0138.504] memcpy (in: _Dst=0x14fbbc, _Src=0x14f8cc, _Size=0xe | out: _Dst=0x14fbbc) returned 0x14fbbc [0138.505] GetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop")) returned 0x11 [0138.505] SetCurrentDirectoryW (lpPathName="C:\\Users\\RDhJ0CNFevzX\\Desktop" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop")) returned 1 [0138.505] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 1 [0138.505] GetProcessHeap () returned 0x420000 [0138.505] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x427ed0) returned 1 [0138.505] GetEnvironmentStringsW () returned 0x427470* [0138.506] GetProcessHeap () returned 0x420000 [0138.506] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xa9a) returned 0x42a640 [0138.506] memcpy (in: _Dst=0x42a640, _Src=0x427470, _Size=0xa9a | out: _Dst=0x42a640) returned 0x42a640 [0138.506] FreeEnvironmentStringsA (penv="=") returned 1 [0138.506] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x7ff6d1651940 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop") returned 0x1d [0138.506] GetProcessHeap () returned 0x420000 [0138.506] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x428930) returned 1 [0138.506] GetProcessHeap () returned 0x420000 [0138.507] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x4016) returned 0x42b0f0 [0138.507] GetProcessHeap () returned 0x420000 [0138.507] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x48) returned 0x420720 [0138.507] GetProcessHeap () returned 0x420000 [0138.508] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x42b0f0) returned 1 [0138.508] GetConsoleOutputCP () returned 0x1b5 [0138.638] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff6d1649660 | out: lpCPInfo=0x7ff6d1649660) returned 1 [0138.638] GetUserDefaultLCID () returned 0x409 [0138.638] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x7ff6d164d6a0, cchData=8 | out: lpLCData=":") returned 2 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x14fcc0, cchData=128 | out: lpLCData="0") returned 2 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x14fcc0, cchData=128 | out: lpLCData="0") returned 2 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x14fcc0, cchData=128 | out: lpLCData="1") returned 2 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x7ff6d164d6b0, cchData=8 | out: lpLCData="/") returned 2 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x7ff6d164d700, cchData=32 | out: lpLCData="Mon") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x7ff6d164d740, cchData=32 | out: lpLCData="Tue") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x7ff6d164d780, cchData=32 | out: lpLCData="Wed") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x7ff6d164d7c0, cchData=32 | out: lpLCData="Thu") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x7ff6d164d800, cchData=32 | out: lpLCData="Fri") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x7ff6d164d840, cchData=32 | out: lpLCData="Sat") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x7ff6d164d880, cchData=32 | out: lpLCData="Sun") returned 4 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x7ff6d164d6c0, cchData=8 | out: lpLCData=".") returned 2 [0138.639] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x7ff6d164d6e0, cchData=8 | out: lpLCData=",") returned 2 [0138.639] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0138.641] GetProcessHeap () returned 0x420000 [0138.641] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x0, Size=0x20c) returned 0x421070 [0138.641] GetConsoleTitleW (in: lpConsoleTitle=0x421070, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\cmd.exe") returned 0x1b [0138.872] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x7ff901c50000 [0138.872] GetProcAddress (hModule=0x7ff901c50000, lpProcName="CopyFileExW") returned 0x7ff901c78940 [0138.872] GetProcAddress (hModule=0x7ff901c50000, lpProcName="IsDebuggerPresent") returned 0x7ff901c77460 [0138.872] GetProcAddress (hModule=0x7ff901c50000, lpProcName="SetConsoleInputExeNameW") returned 0x7ff9012d6e50 [0138.873] GetProcessHeap () returned 0x420000 [0138.873] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x4012) returned 0x42b0f0 [0138.873] GetProcessHeap () returned 0x420000 [0138.874] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x42b0f0) returned 1 [0138.874] _wcsicmp (_String1="taskkill", _String2=")") returned 75 [0138.875] _wcsicmp (_String1="FOR", _String2="taskkill") returned -14 [0138.875] _wcsicmp (_String1="FOR/?", _String2="taskkill") returned -14 [0138.875] _wcsicmp (_String1="IF", _String2="taskkill") returned -11 [0138.875] _wcsicmp (_String1="IF/?", _String2="taskkill") returned -11 [0138.875] _wcsicmp (_String1="REM", _String2="taskkill") returned -2 [0138.875] _wcsicmp (_String1="REM/?", _String2="taskkill") returned -2 [0138.875] GetProcessHeap () returned 0x420000 [0138.875] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xb0) returned 0x426280 [0138.875] GetProcessHeap () returned 0x420000 [0138.875] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x22) returned 0x4207e0 [0138.875] GetProcessHeap () returned 0x420000 [0138.875] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x34) returned 0x426340 [0138.876] GetConsoleTitleW (in: lpConsoleTitle=0x14fbb0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\cmd.exe") returned 0x1b [0138.982] _wcsicmp (_String1="taskkill", _String2="DIR") returned 16 [0138.982] _wcsicmp (_String1="taskkill", _String2="ERASE") returned 15 [0138.982] _wcsicmp (_String1="taskkill", _String2="DEL") returned 16 [0138.982] _wcsicmp (_String1="taskkill", _String2="TYPE") returned -24 [0138.982] _wcsicmp (_String1="taskkill", _String2="COPY") returned 17 [0138.982] _wcsicmp (_String1="taskkill", _String2="CD") returned 17 [0138.982] _wcsicmp (_String1="taskkill", _String2="CHDIR") returned 17 [0138.983] _wcsicmp (_String1="taskkill", _String2="RENAME") returned 2 [0138.983] _wcsicmp (_String1="taskkill", _String2="REN") returned 2 [0138.983] _wcsicmp (_String1="taskkill", _String2="ECHO") returned 15 [0138.983] _wcsicmp (_String1="taskkill", _String2="SET") returned 1 [0138.983] _wcsicmp (_String1="taskkill", _String2="PAUSE") returned 4 [0138.983] _wcsicmp (_String1="taskkill", _String2="DATE") returned 16 [0138.983] _wcsicmp (_String1="taskkill", _String2="TIME") returned -8 [0138.983] _wcsicmp (_String1="taskkill", _String2="PROMPT") returned 4 [0138.983] _wcsicmp (_String1="taskkill", _String2="MD") returned 7 [0138.983] _wcsicmp (_String1="taskkill", _String2="MKDIR") returned 7 [0138.983] _wcsicmp (_String1="taskkill", _String2="RD") returned 2 [0138.983] _wcsicmp (_String1="taskkill", _String2="RMDIR") returned 2 [0138.983] _wcsicmp (_String1="taskkill", _String2="PATH") returned 4 [0138.983] _wcsicmp (_String1="taskkill", _String2="GOTO") returned 13 [0138.983] _wcsicmp (_String1="taskkill", _String2="SHIFT") returned 1 [0138.983] _wcsicmp (_String1="taskkill", _String2="CLS") returned 17 [0138.983] _wcsicmp (_String1="taskkill", _String2="CALL") returned 17 [0138.983] _wcsicmp (_String1="taskkill", _String2="VERIFY") returned -2 [0138.983] _wcsicmp (_String1="taskkill", _String2="VER") returned -2 [0138.983] _wcsicmp (_String1="taskkill", _String2="VOL") returned -2 [0138.983] _wcsicmp (_String1="taskkill", _String2="EXIT") returned 15 [0138.983] _wcsicmp (_String1="taskkill", _String2="SETLOCAL") returned 1 [0138.983] _wcsicmp (_String1="taskkill", _String2="ENDLOCAL") returned 15 [0138.984] _wcsicmp (_String1="taskkill", _String2="TITLE") returned -8 [0138.984] _wcsicmp (_String1="taskkill", _String2="START") returned 1 [0138.984] _wcsicmp (_String1="taskkill", _String2="DPATH") returned 16 [0138.984] _wcsicmp (_String1="taskkill", _String2="KEYS") returned 9 [0138.984] _wcsicmp (_String1="taskkill", _String2="MOVE") returned 7 [0138.984] _wcsicmp (_String1="taskkill", _String2="PUSHD") returned 4 [0138.984] _wcsicmp (_String1="taskkill", _String2="POPD") returned 4 [0138.984] _wcsicmp (_String1="taskkill", _String2="ASSOC") returned 19 [0138.984] _wcsicmp (_String1="taskkill", _String2="FTYPE") returned 14 [0138.984] _wcsicmp (_String1="taskkill", _String2="BREAK") returned 18 [0138.984] _wcsicmp (_String1="taskkill", _String2="COLOR") returned 17 [0138.984] _wcsicmp (_String1="taskkill", _String2="MKLINK") returned 7 [0138.984] _wcsicmp (_String1="taskkill", _String2="DIR") returned 16 [0138.984] _wcsicmp (_String1="taskkill", _String2="ERASE") returned 15 [0138.984] _wcsicmp (_String1="taskkill", _String2="DEL") returned 16 [0138.984] _wcsicmp (_String1="taskkill", _String2="TYPE") returned -24 [0138.984] _wcsicmp (_String1="taskkill", _String2="COPY") returned 17 [0138.984] _wcsicmp (_String1="taskkill", _String2="CD") returned 17 [0138.984] _wcsicmp (_String1="taskkill", _String2="CHDIR") returned 17 [0138.985] _wcsicmp (_String1="taskkill", _String2="RENAME") returned 2 [0138.985] _wcsicmp (_String1="taskkill", _String2="REN") returned 2 [0138.985] _wcsicmp (_String1="taskkill", _String2="ECHO") returned 15 [0138.985] _wcsicmp (_String1="taskkill", _String2="SET") returned 1 [0138.985] _wcsicmp (_String1="taskkill", _String2="PAUSE") returned 4 [0138.985] _wcsicmp (_String1="taskkill", _String2="DATE") returned 16 [0138.985] _wcsicmp (_String1="taskkill", _String2="TIME") returned -8 [0138.985] _wcsicmp (_String1="taskkill", _String2="PROMPT") returned 4 [0138.985] _wcsicmp (_String1="taskkill", _String2="MD") returned 7 [0138.985] _wcsicmp (_String1="taskkill", _String2="MKDIR") returned 7 [0138.985] _wcsicmp (_String1="taskkill", _String2="RD") returned 2 [0138.985] _wcsicmp (_String1="taskkill", _String2="RMDIR") returned 2 [0138.985] _wcsicmp (_String1="taskkill", _String2="PATH") returned 4 [0138.985] _wcsicmp (_String1="taskkill", _String2="GOTO") returned 13 [0138.985] _wcsicmp (_String1="taskkill", _String2="SHIFT") returned 1 [0138.985] _wcsicmp (_String1="taskkill", _String2="CLS") returned 17 [0138.985] _wcsicmp (_String1="taskkill", _String2="CALL") returned 17 [0138.985] _wcsicmp (_String1="taskkill", _String2="VERIFY") returned -2 [0138.985] _wcsicmp (_String1="taskkill", _String2="VER") returned -2 [0138.985] _wcsicmp (_String1="taskkill", _String2="VOL") returned -2 [0138.985] _wcsicmp (_String1="taskkill", _String2="EXIT") returned 15 [0138.985] _wcsicmp (_String1="taskkill", _String2="SETLOCAL") returned 1 [0138.985] _wcsicmp (_String1="taskkill", _String2="ENDLOCAL") returned 15 [0138.986] _wcsicmp (_String1="taskkill", _String2="TITLE") returned -8 [0138.986] _wcsicmp (_String1="taskkill", _String2="START") returned 1 [0138.986] _wcsicmp (_String1="taskkill", _String2="DPATH") returned 16 [0138.986] _wcsicmp (_String1="taskkill", _String2="KEYS") returned 9 [0138.986] _wcsicmp (_String1="taskkill", _String2="MOVE") returned 7 [0138.986] _wcsicmp (_String1="taskkill", _String2="PUSHD") returned 4 [0138.986] _wcsicmp (_String1="taskkill", _String2="POPD") returned 4 [0138.986] _wcsicmp (_String1="taskkill", _String2="ASSOC") returned 19 [0138.986] _wcsicmp (_String1="taskkill", _String2="FTYPE") returned 14 [0138.986] _wcsicmp (_String1="taskkill", _String2="BREAK") returned 18 [0138.986] _wcsicmp (_String1="taskkill", _String2="COLOR") returned 17 [0138.986] _wcsicmp (_String1="taskkill", _String2="MKLINK") returned 7 [0138.986] _wcsicmp (_String1="taskkill", _String2="FOR") returned 14 [0138.986] _wcsicmp (_String1="taskkill", _String2="IF") returned 11 [0138.986] _wcsicmp (_String1="taskkill", _String2="REM") returned 2 [0138.987] GetProcessHeap () returned 0x420000 [0138.987] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x218) returned 0x426380 [0138.987] GetProcessHeap () returned 0x420000 [0138.987] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x46) returned 0x4265a0 [0138.987] _wcsnicmp (_String1="task", _String2="cmd ", _MaxCount=0x4) returned 17 [0138.987] GetProcessHeap () returned 0x420000 [0138.987] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x420) returned 0x4265f0 [0138.988] SetErrorMode (uMode=0x0) returned 0x0 [0138.988] SetErrorMode (uMode=0x1) returned 0x0 [0138.988] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x426600, lpFilePart=0x14f450 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x14f450*="Desktop") returned 0x1d [0138.988] SetErrorMode (uMode=0x0) returned 0x1 [0138.988] GetProcessHeap () returned 0x420000 [0138.988] RtlReAllocateHeap (Heap=0x420000, Flags=0x0, Ptr=0x4265f0, Size=0x5e) returned 0x4265f0 [0138.988] GetProcessHeap () returned 0x420000 [0138.988] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x4265f0) returned 0x5e [0138.988] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x9c [0138.988] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0138.989] GetProcessHeap () returned 0x420000 [0138.989] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x18a) returned 0x426660 [0138.989] GetProcessHeap () returned 0x420000 [0138.989] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x304) returned 0x427470 [0139.117] GetProcessHeap () returned 0x420000 [0139.117] RtlReAllocateHeap (Heap=0x420000, Flags=0x0, Ptr=0x427470, Size=0x18c) returned 0x427470 [0139.117] GetProcessHeap () returned 0x420000 [0139.117] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x427470) returned 0x18c [0139.117] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x7ff6d16496a0, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0139.117] GetProcessHeap () returned 0x420000 [0139.117] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xe8) returned 0x426800 [0139.119] GetProcessHeap () returned 0x420000 [0139.119] RtlReAllocateHeap (Heap=0x420000, Flags=0x0, Ptr=0x426800, Size=0x7e) returned 0x426800 [0139.119] GetProcessHeap () returned 0x420000 [0139.119] RtlSizeHeap (HeapHandle=0x420000, Flags=0x0, MemoryPointer=0x426800) returned 0x7e [0139.121] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0139.121] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\taskkill.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\taskkill.*"), fInfoLevelId=0x1, lpFindFileData=0x14f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f1d0) returned 0xffffffffffffffff [0139.121] GetLastError () returned 0x2 [0139.121] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0139.121] FindFirstFileExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Oracle\\Java\\javapath\\taskkill.*" (normalized: "c:\\program files (x86)\\common files\\oracle\\java\\javapath\\taskkill.*"), fInfoLevelId=0x1, lpFindFileData=0x14f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f1d0) returned 0xffffffffffffffff [0139.122] GetLastError () returned 0x2 [0139.122] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0139.122] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\taskkill.*" (normalized: "c:\\windows\\system32\\taskkill.*"), fInfoLevelId=0x1, lpFindFileData=0x14f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f1d0) returned 0x426890 [0139.123] GetProcessHeap () returned 0x420000 [0139.123] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x0, Size=0x28) returned 0x4268f0 [0139.123] FindClose (in: hFindFile=0x426890 | out: hFindFile=0x426890) returned 1 [0139.123] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\taskkill.COM" (normalized: "c:\\windows\\system32\\taskkill.com"), fInfoLevelId=0x1, lpFindFileData=0x14f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f1d0) returned 0xffffffffffffffff [0139.123] GetLastError () returned 0x2 [0139.123] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\taskkill.EXE" (normalized: "c:\\windows\\system32\\taskkill.exe"), fInfoLevelId=0x1, lpFindFileData=0x14f1d0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x14f1d0) returned 0x426890 [0139.123] GetProcessHeap () returned 0x420000 [0139.123] RtlReAllocateHeap (Heap=0x420000, Flags=0x0, Ptr=0x4268f0, Size=0x8) returned 0x4268f0 [0139.123] FindClose (in: hFindFile=0x426890 | out: hFindFile=0x426890) returned 1 [0139.124] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0139.124] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0139.124] GetConsoleTitleW (in: lpConsoleTitle=0x14f730, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\SYSTEM32\\cmd.exe") returned 0x1b [0139.230] InitializeProcThreadAttributeList (in: lpAttributeList=0x14f650, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x14f550 | out: lpAttributeList=0x14f650, lpSize=0x14f550) returned 1 [0139.231] UpdateProcThreadAttribute (in: lpAttributeList=0x14f650, dwFlags=0x0, Attribute=0x60001, lpValue=0x14f53c, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x14f650, lpPreviousValue=0x0) returned 1 [0139.231] GetStartupInfoW (in: lpStartupInfo=0x14f5e0 | out: lpStartupInfo=0x14f5e0*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\SYSTEM32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0139.231] GetProcessHeap () returned 0x420000 [0139.231] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x20) returned 0x426890 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0139.231] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0139.232] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0139.232] GetProcessHeap () returned 0x420000 [0139.233] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x426890) returned 1 [0139.233] GetProcessHeap () returned 0x420000 [0139.233] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0x12) returned 0x420810 [0139.233] lstrcmpW (lpString1="\\taskkill.exe", lpString2="\\XCOPY.EXE") returned -1 [0139.238] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\taskkill.exe", lpCommandLine="taskkill /f /im msdtc.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpStartupInfo=0x14f570*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="taskkill /f /im msdtc.exe", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14f558 | out: lpCommandLine="taskkill /f /im msdtc.exe", lpProcessInformation=0x14f558*(hProcess=0x8c, hThread=0x88, dwProcessId=0x13a0, dwThreadId=0x13a4)) returned 1 [0139.264] CloseHandle (hObject=0x88) returned 1 [0139.264] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0139.264] GetProcessHeap () returned 0x420000 [0139.265] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x42a640) returned 1 [0139.265] GetEnvironmentStringsW () returned 0x427ad0* [0139.265] GetProcessHeap () returned 0x420000 [0139.265] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xa9a) returned 0x42a640 [0139.265] memcpy (in: _Dst=0x42a640, _Src=0x427ad0, _Size=0xa9a | out: _Dst=0x42a640) returned 0x42a640 [0139.265] FreeEnvironmentStringsA (penv="=") returned 1 [0139.265] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0142.700] GetExitCodeProcess (in: hProcess=0x8c, lpExitCode=0x14f4d8 | out: lpExitCode=0x14f4d8*=0x0) returned 1 [0142.700] CloseHandle (hObject=0x8c) returned 1 [0142.700] _vsnwprintf (in: _Buffer=0x14f698, _BufferCount=0x13, _Format="%08X", _ArgList=0x14f4e8 | out: _Buffer="00000000") returned 8 [0142.701] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0142.701] GetProcessHeap () returned 0x420000 [0142.701] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x42a640) returned 1 [0142.701] GetEnvironmentStringsW () returned 0x42a640* [0142.701] GetProcessHeap () returned 0x420000 [0142.702] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xac0) returned 0x42b110 [0142.702] memcpy (in: _Dst=0x42b110, _Src=0x42a640, _Size=0xac0 | out: _Dst=0x42b110) returned 0x42b110 [0142.702] FreeEnvironmentStringsA (penv="=") returned 1 [0142.702] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0142.702] GetProcessHeap () returned 0x420000 [0142.702] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x42b110) returned 1 [0142.702] GetEnvironmentStringsW () returned 0x42a640* [0142.702] GetProcessHeap () returned 0x420000 [0142.702] RtlAllocateHeap (HeapHandle=0x420000, Flags=0x8, Size=0xac0) returned 0x42b110 [0142.702] memcpy (in: _Dst=0x42b110, _Src=0x42a640, _Size=0xac0 | out: _Dst=0x42b110) returned 0x42b110 [0142.702] FreeEnvironmentStringsA (penv="=") returned 1 [0142.703] GetProcessHeap () returned 0x420000 [0142.703] RtlFreeHeap (HeapHandle=0x420000, Flags=0x0, BaseAddress=0x420810) returned 1 [0142.703] DeleteProcThreadAttributeList (in: lpAttributeList=0x14f650 | out: lpAttributeList=0x14f650) [0142.703] _get_osfhandle (_FileHandle=1) returned 0x24 [0142.703] SetConsoleMode (hConsoleHandle=0x24, dwMode=0x7) returned 1 [0142.703] _get_osfhandle (_FileHandle=1) returned 0x24 [0142.703] GetConsoleMode (in: hConsoleHandle=0x24, lpMode=0x7ff6d164960c | out: lpMode=0x7ff6d164960c) returned 1 [0142.704] _get_osfhandle (_FileHandle=0) returned 0x20 [0142.704] GetConsoleMode (in: hConsoleHandle=0x20, lpMode=0x7ff6d1649608 | out: lpMode=0x7ff6d1649608) returned 1 [0142.704] SetConsoleInputExeNameW () returned 0x1 [0142.704] GetConsoleOutputCP () returned 0x1b5 [0142.705] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x7ff6d1649660 | out: lpCPInfo=0x7ff6d1649660) returned 1 [0142.705] SetThreadUILanguage (LangId=0x0) returned 0x409 [0142.705] exit (_Code=0) Thread: id = 406 os_tid = 0x1390 Process: id = "18" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x36204000" os_pid = "0x136c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x1348" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2079 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2080 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2081 start_va = 0x50000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2082 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2083 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2084 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2085 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2086 start_va = 0x7ff6855f0000 end_va = 0x7ff685600fff monitored = 0 entry_point = 0x7ff6855f16b0 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 2087 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2313 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2314 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2315 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2316 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2317 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2318 start_va = 0x90000 end_va = 0x14dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2319 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2320 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2321 start_va = 0x400000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2322 start_va = 0x500000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2323 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2324 start_va = 0x7ff8eef10000 end_va = 0x7ff8eef68fff monitored = 0 entry_point = 0x7ff8eef1fbf0 region_type = mapped_file name = "conhostv2.dll" filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll") Region: id = 2325 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000190000" filename = "" Region: id = 2326 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2327 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2328 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2329 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2330 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2331 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 2332 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2333 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2334 start_va = 0x7ff901e30000 end_va = 0x7ff901e6afff monitored = 0 entry_point = 0x7ff901e312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2335 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2337 start_va = 0x7ff8fec90000 end_va = 0x7ff8fee15fff monitored = 0 entry_point = 0x7ff8fecdd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2510 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2511 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2512 start_va = 0x600000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2513 start_va = 0x790000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2514 start_va = 0x920000 end_va = 0x1d1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000920000" filename = "" Region: id = 2515 start_va = 0x1d20000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 2516 start_va = 0x400000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2517 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2518 start_va = 0x7ff9024a0000 end_va = 0x7ff9039fefff monitored = 0 entry_point = 0x7ff9026011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 2519 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2520 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 2521 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2522 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2523 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2524 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 2525 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2526 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2527 start_va = 0x7ff8ff0c0000 end_va = 0x7ff8ff155fff monitored = 0 entry_point = 0x7ff8ff0e5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 2529 start_va = 0x1d20000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 2530 start_va = 0x1e00000 end_va = 0x1e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e00000" filename = "" Region: id = 2533 start_va = 0x1e10000 end_va = 0x2146fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2534 start_va = 0x50000 end_va = 0x70fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 2535 start_va = 0x440000 end_va = 0x499fff monitored = 1 entry_point = 0x4553f0 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 2536 start_va = 0x2150000 end_va = 0x2360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 2537 start_va = 0x2370000 end_va = 0x258ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 2538 start_va = 0x2590000 end_va = 0x269cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 2539 start_va = 0x26a0000 end_va = 0x28b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 2540 start_va = 0x28c0000 end_va = 0x29c9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 2542 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2543 start_va = 0x7ff902270000 end_va = 0x7ff9023c9fff monitored = 0 entry_point = 0x7ff9022b38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2671 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2672 start_va = 0x1d20000 end_va = 0x1ddbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001d20000" filename = "" Region: id = 2673 start_va = 0x1df0000 end_va = 0x1dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001df0000" filename = "" Region: id = 2674 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2675 start_va = 0x7ff8fe710000 end_va = 0x7ff8fe731fff monitored = 0 entry_point = 0x7ff8fe711a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 2678 start_va = 0x7ff8fee80000 end_va = 0x7ff8fee92fff monitored = 0 entry_point = 0x7ff8fee82760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2679 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2680 start_va = 0x60000 end_va = 0x66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2681 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 2682 start_va = 0x80000 end_va = 0x80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 2683 start_va = 0x1d0000 end_va = 0x1d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2684 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhostv2.dll.mui" filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui") Region: id = 2687 start_va = 0x1f0000 end_va = 0x1f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2688 start_va = 0x7ff8f5c00000 end_va = 0x7ff8f5e73fff monitored = 0 entry_point = 0x7ff8f5c70400 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll") Region: id = 2690 start_va = 0x480000 end_va = 0x480fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2691 start_va = 0x490000 end_va = 0x491fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Thread: id = 399 os_tid = 0x1370 Thread: id = 402 os_tid = 0x1378 Thread: id = 403 os_tid = 0x137c Thread: id = 404 os_tid = 0x1380 Process: id = "19" image_name = "backgroundtaskhost.exe" filename = "c:\\windows\\system32\\backgroundtaskhost.exe" page_root = "0x357c1000" os_pid = "0x1398" os_integrity_level = "0x1000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x274" cmd_line = "\"C:\\Windows\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca" cur_dir = "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2703 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2704 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2705 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2706 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2707 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2708 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2709 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2710 start_va = 0x7df5ffb40000 end_va = 0x7ff5ffb3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffb40000" filename = "" Region: id = 2711 start_va = 0x7ff699050000 end_va = 0x7ff699072fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff699050000" filename = "" Region: id = 2712 start_va = 0x7ff699cf0000 end_va = 0x7ff699cf6fff monitored = 0 entry_point = 0x7ff699cf1460 region_type = mapped_file name = "backgroundtaskhost.exe" filename = "\\Windows\\System32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe") Region: id = 2713 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2714 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Thread: id = 408 os_tid = 0x139c Process: id = "20" image_name = "taskkill.exe" filename = "c:\\windows\\system32\\taskkill.exe" page_root = "0x35368000" os_pid = "0x13a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0x1348" cmd_line = "taskkill /f /im msdtc.exe" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2805 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2806 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2807 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2808 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2809 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2810 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2811 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2812 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2813 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2814 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2815 start_va = 0x7ff673c20000 end_va = 0x7ff673c3bfff monitored = 0 entry_point = 0x7ff673c2fc00 region_type = mapped_file name = "taskkill.exe" filename = "\\Windows\\System32\\taskkill.exe" (normalized: "c:\\windows\\system32\\taskkill.exe") Region: id = 2816 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2817 start_va = 0x400000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2818 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2819 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2820 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2821 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2822 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2823 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2824 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2825 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 2826 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2827 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2828 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2829 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2830 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2831 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2832 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2833 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2834 start_va = 0x7ff8fa110000 end_va = 0x7ff8fa119fff monitored = 0 entry_point = 0x7ff8fa111350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2835 start_va = 0x7ff8f8cb0000 end_va = 0x7ff8f8ccafff monitored = 0 entry_point = 0x7ff8f8cb1040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 2836 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2837 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2838 start_va = 0x7ff8ebf00000 end_va = 0x7ff8ebf4dfff monitored = 0 entry_point = 0x7ff8ebf11ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2839 start_va = 0x7ff8eb070000 end_va = 0x7ff8eb1fbfff monitored = 0 entry_point = 0x7ff8eb078de0 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2840 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2841 start_va = 0x7ff8f4840000 end_va = 0x7ff8f4865fff monitored = 0 entry_point = 0x7ff8f4841cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2842 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2843 start_va = 0x5d0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 2844 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2845 start_va = 0x400000 end_va = 0x438fff monitored = 0 entry_point = 0x4012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2846 start_va = 0x450000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 2847 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 2848 start_va = 0x7ff901e30000 end_va = 0x7ff901e6afff monitored = 0 entry_point = 0x7ff901e312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2849 start_va = 0x890000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 2850 start_va = 0xa20000 end_va = 0x1e1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 2851 start_va = 0x1d0000 end_va = 0x1d4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskkill.exe.mui" filename = "\\Windows\\System32\\en-US\\taskkill.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskkill.exe.mui") Region: id = 2852 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2853 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2854 start_va = 0x1e20000 end_va = 0x2156fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2855 start_va = 0x2160000 end_va = 0x22a2fff monitored = 0 entry_point = 0x2188210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2856 start_va = 0x5d0000 end_va = 0x6affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2857 start_va = 0x6f0000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 2858 start_va = 0x2160000 end_va = 0x223cfff monitored = 0 entry_point = 0x21be0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2859 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2860 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2861 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2862 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2863 start_va = 0x7ff8f62e0000 end_va = 0x7ff8f62f0fff monitored = 0 entry_point = 0x7ff8f62e2fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2864 start_va = 0x7ff8f7610000 end_va = 0x7ff8f768efff monitored = 0 entry_point = 0x7ff8f7627110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2865 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2866 start_va = 0x7ff9003c0000 end_va = 0x7ff900415fff monitored = 0 entry_point = 0x7ff9003d0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2867 start_va = 0x2160000 end_va = 0x223cfff monitored = 0 entry_point = 0x21be0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2868 start_va = 0x2160000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 2869 start_va = 0x21e0000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 2870 start_va = 0x2260000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2871 start_va = 0x7ff8f39e0000 end_va = 0x7ff8f39f3fff monitored = 0 entry_point = 0x7ff8f39e1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2872 start_va = 0x7ff8f3a00000 end_va = 0x7ff8f3af5fff monitored = 0 entry_point = 0x7ff8f3a39590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2878 start_va = 0x420000 end_va = 0x425fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Thread: id = 410 os_tid = 0x13a4 Thread: id = 411 os_tid = 0x13a8 Thread: id = 412 os_tid = 0x13ac Thread: id = 413 os_tid = 0x13b0 Thread: id = 414 os_tid = 0x13b4 Process: id = "21" image_name = "msdtc.exe" filename = "c:\\windows\\system32\\msdtc.exe" page_root = "0x590d5000" os_pid = "0x13c8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x210" cmd_line = "C:\\Windows\\System32\\msdtc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\MSDTC" [0xe], "NT AUTHORITY\\Logon Session 00000000:000b66c9" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 2897 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2898 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2899 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2900 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 2901 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2902 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2903 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2904 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2905 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 2906 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 2907 start_va = 0x7ff6e1ce0000 end_va = 0x7ff6e1d0afff monitored = 0 entry_point = 0x7ff6e1ce68d0 region_type = mapped_file name = "msdtc.exe" filename = "\\Windows\\System32\\msdtc.exe" (normalized: "c:\\windows\\system32\\msdtc.exe") Region: id = 2908 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2909 start_va = 0x400000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2910 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2911 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2912 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2913 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 2914 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2915 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2916 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2917 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2918 start_va = 0x5c0000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 2919 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2920 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2921 start_va = 0x7ff8eb3c0000 end_va = 0x7ff8eb579fff monitored = 0 entry_point = 0x7ff8eb3c7120 region_type = mapped_file name = "msdtctm.dll" filename = "\\Windows\\System32\\msdtctm.dll" (normalized: "c:\\windows\\system32\\msdtctm.dll") Region: id = 2922 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2923 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2924 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2925 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2926 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2927 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2928 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2929 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2930 start_va = 0x7ff8eb2e0000 end_va = 0x7ff8eb3bcfff monitored = 0 entry_point = 0x7ff8eb35d590 region_type = mapped_file name = "msdtcprx.dll" filename = "\\Windows\\System32\\msdtcprx.dll" (normalized: "c:\\windows\\system32\\msdtcprx.dll") Region: id = 2931 start_va = 0x7ff8f9c50000 end_va = 0x7ff8f9c76fff monitored = 0 entry_point = 0x7ff8f9c62820 region_type = mapped_file name = "msdtclog.dll" filename = "\\Windows\\System32\\msdtclog.dll" (normalized: "c:\\windows\\system32\\msdtclog.dll") Region: id = 2932 start_va = 0x7ff8ed5e0000 end_va = 0x7ff8ed649fff monitored = 0 entry_point = 0x7ff8ed60e410 region_type = mapped_file name = "mtxclu.dll" filename = "\\Windows\\System32\\mtxclu.dll" (normalized: "c:\\windows\\system32\\mtxclu.dll") Region: id = 2933 start_va = 0x7ff8fef30000 end_va = 0x7ff8fef52fff monitored = 0 entry_point = 0x7ff8fef33670 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 2934 start_va = 0x7ff8f65c0000 end_va = 0x7ff8f6662fff monitored = 0 entry_point = 0x7ff8f65c2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 2935 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2936 start_va = 0x7ff8fee40000 end_va = 0x7ff8fee4afff monitored = 0 entry_point = 0x7ff8fee424e0 region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 2937 start_va = 0x7ff8f6670000 end_va = 0x7ff8f66c1fff monitored = 0 entry_point = 0x7ff8f6675770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 2938 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2939 start_va = 0x7ff8feed0000 end_va = 0x7ff8feefbfff monitored = 0 entry_point = 0x7ff8feed8210 region_type = mapped_file name = "winmmbase.dll" filename = "\\Windows\\System32\\winmmbase.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll") Region: id = 2940 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2941 start_va = 0x7ff9002b0000 end_va = 0x7ff9002d6fff monitored = 0 entry_point = 0x7ff9002c0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 2942 start_va = 0x7ff8f9f30000 end_va = 0x7ff8f9f46fff monitored = 0 entry_point = 0x7ff8f9f38230 region_type = mapped_file name = "xolehlp.dll" filename = "\\Windows\\System32\\xolehlp.dll" (normalized: "c:\\windows\\system32\\xolehlp.dll") Region: id = 2943 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2944 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2945 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2946 start_va = 0x7ff900270000 end_va = 0x7ff9002a9fff monitored = 0 entry_point = 0x7ff900278d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 2947 start_va = 0x6c0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2948 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 2949 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 2950 start_va = 0x820000 end_va = 0x9a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 2951 start_va = 0x9b0000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 2952 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.exe.mui" filename = "\\Windows\\System32\\en-US\\msdtc.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\msdtc.exe.mui") Region: id = 2953 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2954 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 2955 start_va = 0x6c0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 2956 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 2957 start_va = 0xb40000 end_va = 0xc1cfff monitored = 0 entry_point = 0xb9e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 2958 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2959 start_va = 0x180000000 end_va = 0x18013efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comres.dll" filename = "\\Windows\\System32\\comres.dll" (normalized: "c:\\windows\\system32\\comres.dll") Region: id = 2960 start_va = 0x540000 end_va = 0x547fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtcvsp1res.dll" filename = "\\Windows\\System32\\msdtcVSp1res.dll" (normalized: "c:\\windows\\system32\\msdtcvsp1res.dll") Region: id = 2965 start_va = 0xb40000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 2970 start_va = 0xbc0000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 2971 start_va = 0x7ff8f9130000 end_va = 0x7ff8f915efff monitored = 0 entry_point = 0x7ff8f9143620 region_type = mapped_file name = "mtxoci.dll" filename = "\\Windows\\System32\\mtxoci.dll" (normalized: "c:\\windows\\system32\\mtxoci.dll") Region: id = 2972 start_va = 0x7ff8f49b0000 end_va = 0x7ff8f49ddfff monitored = 1 entry_point = 0x7ff8f49b43a0 region_type = mapped_file name = "oci.dll" filename = "\\Windows\\System32\\oci.dll" (normalized: "c:\\windows\\system32\\oci.dll") Region: id = 2973 start_va = 0x550000 end_va = 0x550fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 2974 start_va = 0xc40000 end_va = 0xcbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c40000" filename = "" Region: id = 2975 start_va = 0xcc0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 2977 start_va = 0xdc0000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 2978 start_va = 0x7ff8fa1b0000 end_va = 0x7ff8fa1c5fff monitored = 0 entry_point = 0x7ff8fa1b1b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2979 start_va = 0x7ff8f8c20000 end_va = 0x7ff8f8c31fff monitored = 0 entry_point = 0x7ff8f8c23580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2980 start_va = 0x7ff8ffb50000 end_va = 0x7ff8ffb5bfff monitored = 0 entry_point = 0x7ff8ffb527e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2981 start_va = 0xe40000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 2982 start_va = 0xec0000 end_va = 0x11f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2983 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2984 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2985 start_va = 0x1280000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 2986 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2987 start_va = 0x560000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 2988 start_va = 0x1300000 end_va = 0x137ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 2989 start_va = 0x570000 end_va = 0x571fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2990 start_va = 0x580000 end_va = 0x583fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2991 start_va = 0x570000 end_va = 0x575fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2992 start_va = 0x580000 end_va = 0x587fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2993 start_va = 0x590000 end_va = 0x593fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2994 start_va = 0x590000 end_va = 0x595fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2995 start_va = 0x590000 end_va = 0x591fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2996 start_va = 0x590000 end_va = 0x59ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2997 start_va = 0x590000 end_va = 0x591fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2998 start_va = 0x590000 end_va = 0x593fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 2999 start_va = 0x590000 end_va = 0x595fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 3000 start_va = 0x590000 end_va = 0x597fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 3001 start_va = 0x1380000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001380000" filename = "" Region: id = 3002 start_va = 0x590000 end_va = 0x597fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 3003 start_va = 0x5a0000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtcvsp1res.dll.mui" filename = "\\Windows\\System32\\en-US\\msdtcVSp1res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msdtcvsp1res.dll.mui") Region: id = 3004 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 3005 start_va = 0x1400000 end_va = 0x147ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 3006 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3007 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 3008 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 3009 start_va = 0x7ff901490000 end_va = 0x7ff901515fff monitored = 0 entry_point = 0x7ff90149d8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 3010 start_va = 0x7ff8ff4c0000 end_va = 0x7ff8ff4f1fff monitored = 0 entry_point = 0x7ff8ff4d2340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 3011 start_va = 0x7ff8f7720000 end_va = 0x7ff8f7754fff monitored = 0 entry_point = 0x7ff8f772a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 3012 start_va = 0x590000 end_va = 0x593fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 3013 start_va = 0x590000 end_va = 0x599fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 3014 start_va = 0x590000 end_va = 0x591fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msdtc.log" filename = "\\Windows\\System32\\MsDtc\\MSDTC.LOG" (normalized: "c:\\windows\\system32\\msdtc\\msdtc.log") Region: id = 3016 start_va = 0x1500000 end_va = 0x1541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001500000" filename = "" Region: id = 3017 start_va = 0x1550000 end_va = 0x164ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001550000" filename = "" Region: id = 3019 start_va = 0x1500000 end_va = 0x1543fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001500000" filename = "" Region: id = 3021 start_va = 0xc40000 end_va = 0xc81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 3023 start_va = 0xc40000 end_va = 0xc81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Thread: id = 421 os_tid = 0x13cc Thread: id = 422 os_tid = 0x13d0 Thread: id = 423 os_tid = 0x13d4 Thread: id = 424 os_tid = 0x13d8 [0144.540] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0144.540] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0144.540] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0144.541] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0144.541] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0144.541] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0144.542] GetProcAddress (hModule=0x7ff901280000, lpProcName="InitializeCriticalSectionEx") returned 0x7ff9012d7c50 [0144.542] GetProcessHeap () returned 0x5c0000 [0144.542] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0144.542] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsAlloc") returned 0x7ff9012e7e50 [0144.542] GetLastError () returned 0x0 [0144.542] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0144.542] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsSetValue") returned 0x7ff9012d3cb0 [0144.542] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x5e6d80 [0144.543] SetLastError (dwErrCode=0x0) [0144.543] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1200) returned 0x5e7150 [0144.544] GetStartupInfoW (in: lpStartupInfo=0xc3e2a0 | out: lpStartupInfo=0xc3e2a0*(cb=0x68, lpReserved="", lpDesktop="", lpTitle="C:\\Windows\\System32\\msdtc.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0xc3e704, hStdError=0x1)) [0144.544] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0144.544] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0144.544] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0144.545] GetCommandLineA () returned="C:\\Windows\\System32\\msdtc.exe" [0144.545] GetCommandLineW () returned="C:\\Windows\\System32\\msdtc.exe" [0144.545] GetACP () returned 0x4e4 [0144.545] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x228) returned 0x5e8360 [0144.545] IsValidCodePage (CodePage=0x4e4) returned 1 [0144.545] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xc3e260 | out: lpCPInfo=0xc3e260) returned 1 [0144.545] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0xc3db00 | out: lpCPInfo=0xc3db00) returned 1 [0144.545] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc3db20, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0144.545] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc3db20, cbMultiByte=256, lpWideCharStr=0xc3d850, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿp") returned 256 [0144.545] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿp", cchSrc=256, lpCharType=0xc3de20 | out: lpCharType=0xc3de20) returned 1 [0144.545] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc3db20, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0144.545] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc3db20, cbMultiByte=256, lpWideCharStr=0xc3d7f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0144.545] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x7ff901280000 [0144.546] GetProcAddress (hModule=0x7ff901280000, lpProcName="LCMapStringEx") returned 0x7ff901295350 [0144.546] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0144.546] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0xc3d5e0, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌") returned 256 [0144.546] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ쳌", cchWideChar=256, lpMultiByteStr=0xc3dc20, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ¸ÝÃ", lpUsedDefaultChar=0x0) returned 256 [0144.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc3db20, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0144.546] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xc3db20, cbMultiByte=256, lpWideCharStr=0xc3d7f0, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 256 [0144.546] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0144.546] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=256, lpDestStr=0xc3d5e0, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌") returned 256 [0144.546] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ쳌", cchWideChar=256, lpMultiByteStr=0xc3dd20, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fH\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02h\x02(\x02(\x02(\x02(\x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02 \x02H\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x84\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x81\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x01\x03\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x10\x02\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x82\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x02\x03\x10\x02\x10\x02\x10\x02\x10\x02 \x02", lpUsedDefaultChar=0x0) returned 256 [0144.546] RtlInitializeSListHead (in: ListHead=0x7ff8f49d75f0 | out: ListHead=0x7ff8f49d75f0) [0144.546] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x5e8590 [0144.546] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xc3e0f0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\msdtc.exe" (normalized: "c:\\windows\\system32\\msdtc.exe")) returned 0x1d [0144.546] LoadLibraryExW (lpLibFileName="kernel32", hFile=0x0, dwFlags=0x800) returned 0x7ff901c50000 [0144.546] GetProcAddress (hModule=0x7ff901c50000, lpProcName="AreFileApisANSI") returned 0x7ff901c74820 [0144.546] AreFileApisANSI () returned 1 [0144.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\System32\\msdtc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0144.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\System32\\msdtc.exe", cchWideChar=-1, lpMultiByteStr=0x7ff8f49d7800, cbMultiByte=260, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\System32\\msdtc.exe", lpUsedDefaultChar=0x0) returned 30 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x2e) returned 0x5e5510 [0144.547] GetEnvironmentStringsW () returned 0x5e95a0* [0144.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1226, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1226 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x4ca) returned 0x5e9f40 [0144.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1226, lpMultiByteStr=0x5e9f40, cbMultiByte=1226, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1226 [0144.547] FreeEnvironmentStringsW (penv=0x5e95a0) returned 1 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0xf8) returned 0x5ca8e0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1f) returned 0x5d2190 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x41) returned 0x5d56a0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x31) returned 0x5e5350 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c) returned 0x5d5380 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x31) returned 0x5e5410 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x14) returned 0x5dfa40 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x24) returned 0x5d20a0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x44) returned 0x5d5290 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x17) returned 0x5dfca0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0xe) returned 0x5dfcc0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0xa2) returned 0x5c5070 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3e) returned 0x5d5c40 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1d) returned 0x5d21c0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x48) returned 0x5d53d0 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x12) returned 0x5dfd00 [0144.547] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x18) returned 0x5dfce0 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1b) returned 0x5d1ef0 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1e) returned 0x5d1f50 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x29) returned 0x5e51d0 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1e) returned 0x5d1f80 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x69) returned 0x5c4080 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x17) returned 0x5df980 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0xf) returned 0x5dfa00 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x16) returned 0x5dfa60 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x15) returned 0x5df9a0 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x14) returned 0x5dfa80 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x15) returned 0x5dfb00 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x11) returned 0x5e9770 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x35) returned 0x5e5550 [0144.548] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x12) returned 0x5e9c70 [0144.549] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5e9f40 | out: hHeap=0x5c0000) returned 1 [0144.549] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x7ff8f49b2b60, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0xc3e3c0 | out: lpThreadId=0xc3e3c0*=0x13dc) returned 0x1c8 Thread: id = 425 os_tid = 0x13dc [0144.558] GetLastError () returned 0x57 [0144.558] GetProcAddress (hModule=0x7ff901280000, lpProcName="FlsGetValue") returned 0x7ff9012c3780 [0144.559] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5c4190 [0144.559] SetLastError (dwErrCode=0x57) [0144.559] GetLastError () returned 0x57 [0144.559] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x5ec0e0 [0144.559] SetLastError (dwErrCode=0x57) [0144.559] GetSystemInfo (in: lpSystemInfo=0xcbf7c0 | out: lpSystemInfo=0xcbf7c0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0144.559] GlobalMemoryStatusEx (in: lpBuffer=0xcbf780 | out: lpBuffer=0xcbf780) returned 1 [0144.559] CreateFileW (lpFileName="\\\\.\\PhysicalDrive0" (normalized: "\\device\\harddisk0\\dr0"), dwDesiredAccess=0x0, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1d8 [0144.559] DeviceIoControl (in: hDevice=0x1d8, dwIoControlCode=0x70000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0xcbfa20, nOutBufferSize=0x18, lpBytesReturned=0xcbf770, lpOverlapped=0x0 | out: lpOutBuffer=0xcbfa20*, lpBytesReturned=0xcbf770*=0x18, lpOverlapped=0x0) returned 1 [0144.559] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.560] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.560] SetLastError (dwErrCode=0x0) [0144.560] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.561] GetLastError () returned 0x0 [0144.561] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.562] GetLastError () returned 0x0 [0144.562] SetLastError (dwErrCode=0x0) [0144.562] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.563] GetLastError () returned 0x0 [0144.563] SetLastError (dwErrCode=0x0) [0144.563] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.564] GetLastError () returned 0x0 [0144.564] SetLastError (dwErrCode=0x0) [0144.564] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.565] GetLastError () returned 0x0 [0144.565] SetLastError (dwErrCode=0x0) [0144.565] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.566] GetLastError () returned 0x0 [0144.566] SetLastError (dwErrCode=0x0) [0144.566] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x813efe29, dwHighDateTime=0x1d947a8)) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.567] GetLastError () returned 0x0 [0144.567] SetLastError (dwErrCode=0x0) [0144.567] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.568] GetLastError () returned 0x0 [0144.568] SetLastError (dwErrCode=0x0) [0144.568] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.569] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.569] GetLastError () returned 0x0 [0144.569] SetLastError (dwErrCode=0x0) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetLastError () returned 0x0 [0144.570] SetLastError (dwErrCode=0x0) [0144.570] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.570] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetLastError () returned 0x0 [0144.571] SetLastError (dwErrCode=0x0) [0144.571] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.571] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.572] GetLastError () returned 0x0 [0144.572] SetLastError (dwErrCode=0x0) [0144.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.573] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.573] GetLastError () returned 0x0 [0144.573] SetLastError (dwErrCode=0x0) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetLastError () returned 0x0 [0144.574] SetLastError (dwErrCode=0x0) [0144.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.574] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetLastError () returned 0x0 [0144.575] SetLastError (dwErrCode=0x0) [0144.575] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.576] GetLastError () returned 0x0 [0144.576] SetLastError (dwErrCode=0x0) [0144.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.577] GetLastError () returned 0x0 [0144.577] SetLastError (dwErrCode=0x0) [0144.577] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.578] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.578] GetLastError () returned 0x0 [0144.578] SetLastError (dwErrCode=0x0) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetLastError () returned 0x0 [0144.579] SetLastError (dwErrCode=0x0) [0144.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.579] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.580] GetLastError () returned 0x0 [0144.580] SetLastError (dwErrCode=0x0) [0144.580] GetLastError () returned 0x0 [0144.581] SetLastError (dwErrCode=0x0) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetLastError () returned 0x0 [0144.581] SetLastError (dwErrCode=0x0) [0144.581] GetLastError () returned 0x0 [0144.581] SetLastError (dwErrCode=0x0) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.581] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.582] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x814160a8, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.584] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.585] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.586] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.587] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcbf730 | out: lpSystemTimeAsFileTime=0xcbf730*(dwLowDateTime=0x8143c453, dwHighDateTime=0x1d947a8)) [0144.596] FindFirstFileExW (in: lpFileName="I:\\*.*" (normalized: "i:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0xffffffffffffffff [0144.597] GetLastError () returned 0x3 [0144.597] GetLastError () returned 0x3 [0144.597] SetLastError (dwErrCode=0x3) [0144.602] FindFirstFileExW (in: lpFileName="H:\\*.*" (normalized: "h:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0xffffffffffffffff [0144.647] GetLastError () returned 0x3 [0144.647] GetLastError () returned 0x3 [0144.647] SetLastError (dwErrCode=0x3) [0144.655] FindFirstFileExW (in: lpFileName="G:\\*.*" (normalized: "g:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0xffffffffffffffff [0144.655] GetLastError () returned 0x3 [0144.655] GetLastError () returned 0x3 [0144.655] SetLastError (dwErrCode=0x3) [0144.663] FindFirstFileExW (in: lpFileName="F:\\*.*" (normalized: "f:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0xffffffffffffffff [0144.663] GetLastError () returned 0x3 [0144.663] GetLastError () returned 0x3 [0144.663] SetLastError (dwErrCode=0x3) [0144.671] FindFirstFileExW (in: lpFileName="E:\\*.*" (normalized: "e:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0xffffffffffffffff [0144.671] GetLastError () returned 0x3 [0144.671] GetLastError () returned 0x3 [0144.671] SetLastError (dwErrCode=0x3) [0144.678] FindFirstFileExW (in: lpFileName="D:\\*.*" (normalized: "d:\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0xffffffffffffffff [0144.690] GetLastError () returned 0x3 [0144.690] GetLastError () returned 0x3 [0144.690] SetLastError (dwErrCode=0x3) [0144.690] FindFirstFileExW (in: lpFileName="C:\\Users\\*.*" (normalized: "c:\\users\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbebd0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbebd0) returned 0x5d0740 [0144.691] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.691] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.692] GetEnvironmentStringsW () returned 0x5ee860* [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x994) returned 0x5ef200 [0144.692] FreeEnvironmentStringsW (penv=0x5ee860) returned 1 [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0xf8) returned 0x5efba0 [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3e) returned 0x5d5c90 [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x82) returned 0x5c36b0 [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x62) returned 0x5d1b00 [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x78) returned 0x5efca0 [0144.692] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x62) returned 0x5efd20 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x28) returned 0x5caaf0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x48) returned 0x5d5ce0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x88) returned 0x5efd90 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x2e) returned 0x5e5210 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1c) returned 0x5caf10 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x144) returned 0x5efe20 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x7c) returned 0x5ee860 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3a) returned 0x5d5970 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x90) returned 0x5d1390 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x24) returned 0x5cafa0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x30) returned 0x5e5110 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x36) returned 0x5e4fd0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c) returned 0x5d5010 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x52) returned 0x5cfc60 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c) returned 0x5d56f0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0xd2) returned 0x5e69a0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x2e) returned 0x5e5650 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1e) returned 0x5cabe0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x2c) returned 0x5e5450 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x2a) returned 0x5e5310 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x28) returned 0x5cb000 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x2a) returned 0x5e5050 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x22) returned 0x5cac10 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x6a) returned 0x5ee8f0 [0144.693] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x24) returned 0x5cac70 [0144.694] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5ef200 | out: hHeap=0x5c0000) returned 1 [0144.694] GetTimeZoneInformation (in: lpTimeZoneInformation=0x7ff8f49d8280 | out: lpTimeZoneInformation=0x7ff8f49d8280) returned 0x1 [0144.694] GetLastError () returned 0x3 [0144.694] SetLastError (dwErrCode=0x3) [0144.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="W. Europe Standard Time", cchWideChar=-1, lpMultiByteStr=0x7ff8f49d6a20, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W. Europe Standard Time", lpUsedDefaultChar=0x0) returned 24 [0144.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="W. Europe Daylight Time", cchWideChar=-1, lpMultiByteStr=0x7ff8f49d6a60, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="W. Europe Daylight Time", lpUsedDefaultChar=0x0) returned 24 [0144.695] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.695] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.695] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.695] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.695] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x3ce179de, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3ce179de, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa872aee3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.695] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.695] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.695] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.695] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.695] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.695] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.696] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0144.696] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.696] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.696] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.696] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.696] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.696] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.696] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0144.696] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.696] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.696] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.696] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.696] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.696] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.697] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\*.*" (normalized: "c:\\users\\default\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbe2e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbe2e0) returned 0x5cff00 [0144.697] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.697] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.697] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.697] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.697] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.697] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.697] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x31bae0f4, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x70, cFileName="..", cAlternateFileName="")) returned 1 [0144.698] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.698] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.698] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.698] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.698] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.698] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.698] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x70, cFileName="AppData", cAlternateFileName="")) returned 1 [0144.698] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.698] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.699] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.699] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.699] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.699] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.699] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d54d8a8, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d54d8a8, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d54d8a8, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0144.699] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.699] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.699] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.699] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.699] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.699] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.699] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Application Data\\*.*" (normalized: "c:\\users\\default\\application data\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.700] GetLastError () returned 0x5 [0144.700] GetLastError () returned 0x5 [0144.700] SetLastError (dwErrCode=0x5) [0144.700] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Cookies", cAlternateFileName="")) returned 1 [0144.700] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.700] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.700] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.700] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.700] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.700] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.701] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Cookies\\*.*" (normalized: "c:\\users\\default\\cookies\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.701] GetLastError () returned 0x5 [0144.701] GetLastError () returned 0x5 [0144.701] SetLastError (dwErrCode=0x5) [0144.701] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Desktop", cAlternateFileName="")) returned 1 [0144.701] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.701] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.701] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.701] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Desktop\\*.*" (normalized: "c:\\users\\default\\desktop\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5d0500 [0144.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.702] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.702] FindNextFileW (in: hFindFile=0x5d0500, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0144.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.702] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.703] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.703] FindNextFileW (in: hFindFile=0x5d0500, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 0 [0144.703] GetLastError () returned 0x12 [0144.703] GetLastError () returned 0x12 [0144.703] SetLastError (dwErrCode=0x12) [0144.703] FindClose (in: hFindFile=0x5d0500 | out: hFindFile=0x5d0500) returned 1 [0144.703] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x70, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0144.703] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.703] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.703] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.703] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.704] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.704] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.704] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\*.*" (normalized: "c:\\users\\default\\documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5d02c0 [0144.705] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.705] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.706] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.706] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.706] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.706] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0144.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.707] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.707] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.707] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*.*" (normalized: "c:\\users\\default\\documents\\my music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0xffffffffffffffff [0144.707] GetLastError () returned 0x5 [0144.707] GetLastError () returned 0x5 [0144.707] SetLastError (dwErrCode=0x5) [0144.707] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0144.707] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.708] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.708] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.708] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.708] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.708] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\default\\documents\\my pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0xffffffffffffffff [0144.708] GetLastError () returned 0x5 [0144.708] GetLastError () returned 0x5 [0144.708] SetLastError (dwErrCode=0x5) [0144.708] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0144.708] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.708] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.709] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.709] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.709] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.709] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.709] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\default\\documents\\my videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0xffffffffffffffff [0144.709] GetLastError () returned 0x5 [0144.709] GetLastError () returned 0x5 [0144.709] SetLastError (dwErrCode=0x5) [0144.709] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="My Videos", cAlternateFileName="")) returned 0 [0144.709] GetLastError () returned 0x12 [0144.709] GetLastError () returned 0x12 [0144.709] SetLastError (dwErrCode=0x12) [0144.709] FindClose (in: hFindFile=0x5d02c0 | out: hFindFile=0x5d02c0) returned 1 [0144.710] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x63006f, dwReserved1=0x6d0075, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0144.711] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.711] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.711] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.711] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Downloads\\*.*" (normalized: "c:\\users\\default\\downloads\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5cfae0 [0144.711] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.711] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.711] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.712] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.712] FindNextFileW (in: hFindFile=0x5cfae0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.712] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.712] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.712] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.712] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.712] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.712] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.712] FindNextFileW (in: hFindFile=0x5cfae0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.712] GetLastError () returned 0x12 [0144.712] GetLastError () returned 0x12 [0144.712] SetLastError (dwErrCode=0x12) [0144.712] FindClose (in: hFindFile=0x5cfae0 | out: hFindFile=0x5cfae0) returned 1 [0144.713] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x63006f, dwReserved1=0x6d0075, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0144.713] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.713] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.713] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.713] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Favorites\\*.*" (normalized: "c:\\users\\default\\favorites\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5d0320 [0144.713] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.713] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.713] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.714] FindNextFileW (in: hFindFile=0x5d0320, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.714] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.714] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.714] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.714] FindNextFileW (in: hFindFile=0x5d0320, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.714] GetLastError () returned 0x12 [0144.714] GetLastError () returned 0x12 [0144.714] SetLastError (dwErrCode=0x12) [0144.714] FindClose (in: hFindFile=0x5d0320 | out: hFindFile=0x5d0320) returned 1 [0144.714] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x63006f, dwReserved1=0x6d0075, cFileName="Links", cAlternateFileName="")) returned 1 [0144.714] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.715] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.715] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.715] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Links\\*.*" (normalized: "c:\\users\\default\\links\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5cff60 [0144.715] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.715] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.715] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.716] FindNextFileW (in: hFindFile=0x5cff60, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.716] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.716] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.716] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.716] FindNextFileW (in: hFindFile=0x5cff60, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.716] GetLastError () returned 0x12 [0144.716] GetLastError () returned 0x12 [0144.716] SetLastError (dwErrCode=0x12) [0144.716] FindClose (in: hFindFile=0x5cff60 | out: hFindFile=0x5cff60) returned 1 [0144.716] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0144.717] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.717] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.717] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.717] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*.*" (normalized: "c:\\users\\default\\local settings\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.717] GetLastError () returned 0x5 [0144.717] GetLastError () returned 0x5 [0144.717] SetLastError (dwErrCode=0x5) [0144.717] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Music", cAlternateFileName="")) returned 1 [0144.717] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.717] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.718] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.718] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Music\\*.*" (normalized: "c:\\users\\default\\music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5d02c0 [0144.718] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.718] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.718] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.718] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.718] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.719] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.719] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.719] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.719] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.719] GetLastError () returned 0x12 [0144.719] GetLastError () returned 0x12 [0144.719] SetLastError (dwErrCode=0x12) [0144.719] FindClose (in: hFindFile=0x5d02c0 | out: hFindFile=0x5d02c0) returned 1 [0144.719] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d527734, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d527734, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d527734, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0144.719] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.720] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.720] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.720] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.720] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.720] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\My Documents\\*.*" (normalized: "c:\\users\\default\\my documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.720] GetLastError () returned 0x5 [0144.720] GetLastError () returned 0x5 [0144.720] SetLastError (dwErrCode=0x5) [0144.720] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NetHood", cAlternateFileName="")) returned 1 [0144.720] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.720] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.720] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.720] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.721] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.721] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\NetHood\\*.*" (normalized: "c:\\users\\default\\nethood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.721] GetLastError () returned 0x5 [0144.721] GetLastError () returned 0x5 [0144.721] SetLastError (dwErrCode=0x5) [0144.721] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x31bfa5a5, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0xea64ab63, ftLastAccessTime.dwHighDateTime=0x1d705cc, ftLastWriteTime.dwLowDateTime=0xea64ab63, ftLastWriteTime.dwHighDateTime=0x1d705cc, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0144.721] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.721] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.721] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.722] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0144.722] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.722] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.722] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.722] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x31cb9166, ftCreationTime.dwHighDateTime=0x1d112dc, ftLastAccessTime.dwLowDateTime=0x31cb9166, ftLastAccessTime.dwHighDateTime=0x1d112dc, ftLastWriteTime.dwLowDateTime=0x31cb9166, ftLastWriteTime.dwHighDateTime=0x1d112dc, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0144.722] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.722] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.722] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.723] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0144.723] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.723] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.723] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.723] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d5f4e96, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d5f4e96, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0144.723] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.729] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.729] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.729] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8d61ae52, ftCreationTime.dwHighDateTime=0x1d700aa, ftLastAccessTime.dwLowDateTime=0x8d61ae52, ftLastAccessTime.dwHighDateTime=0x1d700aa, ftLastWriteTime.dwLowDateTime=0x8d61ae52, ftLastWriteTime.dwHighDateTime=0x1d700aa, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0144.729] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.729] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.730] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.730] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Pictures", cAlternateFileName="")) returned 1 [0144.730] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.730] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.730] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.730] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.730] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Pictures\\*.*" (normalized: "c:\\users\\default\\pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5cff60 [0144.731] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.731] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.731] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.731] FindNextFileW (in: hFindFile=0x5cff60, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.731] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.731] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.731] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.732] FindNextFileW (in: hFindFile=0x5cff60, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.732] GetLastError () returned 0x12 [0144.732] GetLastError () returned 0x12 [0144.732] SetLastError (dwErrCode=0x12) [0144.732] FindClose (in: hFindFile=0x5cff60 | out: hFindFile=0x5cff60) returned 1 [0144.732] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0144.732] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.732] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.732] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.732] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.732] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*.*" (normalized: "c:\\users\\default\\printhood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.733] GetLastError () returned 0x5 [0144.733] GetLastError () returned 0x5 [0144.733] SetLastError (dwErrCode=0x5) [0144.733] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Recent", cAlternateFileName="")) returned 1 [0144.733] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.733] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.733] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.733] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.733] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Recent\\*.*" (normalized: "c:\\users\\default\\recent\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.733] GetLastError () returned 0x5 [0144.733] GetLastError () returned 0x5 [0144.734] SetLastError (dwErrCode=0x5) [0144.734] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0144.734] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.734] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.734] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.734] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*.*" (normalized: "c:\\users\\default\\saved games\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5d0320 [0144.734] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.734] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.734] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.735] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.735] FindNextFileW (in: hFindFile=0x5d0320, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.735] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.735] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.735] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.735] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.735] FindNextFileW (in: hFindFile=0x5d0320, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.735] GetLastError () returned 0x12 [0144.735] GetLastError () returned 0x12 [0144.735] SetLastError (dwErrCode=0x12) [0144.736] FindClose (in: hFindFile=0x5d0320 | out: hFindFile=0x5d0320) returned 1 [0144.736] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="SendTo", cAlternateFileName="")) returned 1 [0144.736] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.736] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.736] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.736] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.736] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\SendTo\\*.*" (normalized: "c:\\users\\default\\sendto\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.736] GetLastError () returned 0x5 [0144.736] GetLastError () returned 0x5 [0144.736] SetLastError (dwErrCode=0x5) [0144.736] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0144.736] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.737] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.737] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.737] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*.*" (normalized: "c:\\users\\default\\start menu\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.737] GetLastError () returned 0x5 [0144.737] GetLastError () returned 0x5 [0144.737] SetLastError (dwErrCode=0x5) [0144.737] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x5d599f22, ftCreationTime.dwHighDateTime=0x1d7005f, ftLastAccessTime.dwLowDateTime=0x5d599f22, ftLastAccessTime.dwHighDateTime=0x1d7005f, ftLastWriteTime.dwLowDateTime=0x5d599f22, ftLastWriteTime.dwHighDateTime=0x1d7005f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0144.737] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.737] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.737] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.738] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.738] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Templates\\*.*" (normalized: "c:\\users\\default\\templates\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.738] GetLastError () returned 0x5 [0144.738] GetLastError () returned 0x5 [0144.738] SetLastError (dwErrCode=0x5) [0144.738] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Videos", cAlternateFileName="")) returned 1 [0144.738] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.738] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.738] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.738] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.739] FindFirstFileExW (in: lpFileName="C:\\Users\\Default\\Videos\\*.*" (normalized: "c:\\users\\default\\videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5d07a0 [0144.739] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.739] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.739] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.739] FindNextFileW (in: hFindFile=0x5d07a0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.739] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.739] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.740] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.740] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.740] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.740] FindNextFileW (in: hFindFile=0x5d07a0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 0 [0144.740] GetLastError () returned 0x12 [0144.740] GetLastError () returned 0x12 [0144.740] SetLastError (dwErrCode=0x12) [0144.740] FindClose (in: hFindFile=0x5d07a0 | out: hFindFile=0x5d07a0) returned 1 [0144.740] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xd9eaaa, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xd9eaaa, ftLastAccessTime.dwHighDateTime=0x1d112e4, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6d0075, cFileName="Videos", cAlternateFileName="翸")) returned 0 [0144.740] GetLastError () returned 0x12 [0144.740] GetLastError () returned 0x12 [0144.741] SetLastError (dwErrCode=0x12) [0144.741] FindClose (in: hFindFile=0x5cff00 | out: hFindFile=0x5cff00) returned 1 [0144.741] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x4f6643a1, ftCreationTime.dwHighDateTime=0x1d112ea, ftLastAccessTime.dwLowDateTime=0x4f6643a1, ftLastAccessTime.dwHighDateTime=0x1d112ea, ftLastWriteTime.dwLowDateTime=0x4f6643a1, ftLastWriteTime.dwHighDateTime=0x1d112ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x6f0065, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0144.741] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.741] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.741] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.741] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.741] FindFirstFileExW (in: lpFileName="C:\\Users\\Default User\\*.*" (normalized: "c:\\users\\default user\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbe2e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbe2e0) returned 0xffffffffffffffff [0144.741] GetLastError () returned 0x5 [0144.741] GetLastError () returned 0x5 [0144.742] SetLastError (dwErrCode=0x5) [0144.742] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3757c8c, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x973af366, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x786c9882, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x51b0, dwReserved0=0xa0000003, dwReserved1=0x6f0065, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.742] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.742] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.742] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.742] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.744] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x58) returned 0x5cffc0 [0144.744] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb4aa8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0144.744] GetFileType (hFile=0x214) returned 0x1 [0144.744] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0xcb4c38, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb4c38*=20912) returned 1 [0144.744] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0xcb4be8, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb4be8*=20912) returned 1 [0144.745] SetFilePointerEx (in: hFile=0x214, liDistanceToMove=0x0, lpNewFilePointer=0xcb4c38, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb4c38*=0) returned 1 [0144.745] ReadFile (in: hFile=0x214, lpBuffer=0xcb4df0, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb4ba8, lpOverlapped=0x0 | out: lpBuffer=0xcb4df0*, lpNumberOfBytesRead=0xcb4ba8*=0x5000, lpOverlapped=0x0) returned 1 [0144.745] CloseHandle (hObject=0x214) returned 1 [0144.745] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xdc4d01, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0144.745] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.746] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.746] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.746] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RDhJ0CNFevzX", cAlternateFileName="RDHJ0C~1")) returned 1 [0144.746] FileTimeToSystemTime (in: lpFileTime=0xcbebd4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.746] FileTimeToSystemTime (in: lpFileTime=0xcbebdc, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.746] FileTimeToSystemTime (in: lpFileTime=0xcbebe4, lpSystemTime=0xcbeb70 | out: lpSystemTime=0xcbeb70) returned 1 [0144.746] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbeb70, lpLocalTime=0xcbeb60 | out: lpLocalTime=0xcbeb60) returned 1 [0144.746] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbe2e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbe2e0) returned 0x5d02c0 [0144.747] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.747] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.747] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.747] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce179de, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x84ac775d, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84ac775d, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.747] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.747] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.747] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.748] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.748] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.749] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Application Data\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\application data\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.749] GetLastError () returned 0x5 [0144.749] GetLastError () returned 0x5 [0144.749] SetLastError (dwErrCode=0x5) [0144.749] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0144.749] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.749] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.749] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.749] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.750] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5cf900 [0144.750] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.750] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.750] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.750] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.750] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.750] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.750] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0144.750] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.750] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.751] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.751] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.751] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.751] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.751] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x78789031, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x52a0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.751] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.751] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.751] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.751] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.751] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.751] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.752] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.752] GetFileType (hFile=0x21c) returned 0x1 [0144.752] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21152) returned 1 [0144.752] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21152) returned 1 [0144.753] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.753] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.753] CloseHandle (hObject=0x21c) returned 1 [0144.753] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.754] GetLastError () returned 0x12 [0144.754] GetLastError () returned 0x12 [0144.754] SetLastError (dwErrCode=0x12) [0144.754] FindClose (in: hFindFile=0x5cf900 | out: hFindFile=0x5cf900) returned 1 [0144.754] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0144.754] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.754] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.754] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.754] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.754] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.754] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.754] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Cookies\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\cookies\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0144.755] GetLastError () returned 0x5 [0144.755] GetLastError () returned 0x5 [0144.755] SetLastError (dwErrCode=0x5) [0144.755] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x70b46c13, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x70b46c13, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0144.755] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.755] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.755] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.755] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.756] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.756] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.756] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5cff00 [0144.756] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.756] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.756] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.756] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.756] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.756] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.756] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x70b46c13, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x70b46c13, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.756] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.757] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.757] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.757] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaea0430, ftCreationTime.dwHighDateTime=0x1d92827, ftLastAccessTime.dwLowDateTime=0x3c79bef0, ftLastAccessTime.dwHighDateTime=0x1d92eaa, ftLastWriteTime.dwLowDateTime=0x78789031, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x7820, dwReserved0=0x0, dwReserved1=0x1, cFileName="-wj2uLeM9ZxLBKGeYYU.ots", cAlternateFileName="-WJ2UL~1.OTS")) returned 1 [0144.757] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.757] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.757] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.757] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.758] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\-wj2uLeM9ZxLBKGeYYU.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\-wj2ulem9zxlbkgeyyu.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.758] GetFileType (hFile=0x21c) returned 0x1 [0144.758] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=30752) returned 1 [0144.758] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=30752) returned 1 [0144.758] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.758] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.759] CloseHandle (hObject=0x21c) returned 1 [0144.759] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23335060, ftCreationTime.dwHighDateTime=0x1d93386, ftLastAccessTime.dwLowDateTime=0xb4448720, ftLastAccessTime.dwHighDateTime=0x1d93586, ftLastWriteTime.dwLowDateTime=0x78846f96, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x191ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Oo-oJ1w8Hl 28.ppt", cAlternateFileName="3OO-OJ~1.PPT")) returned 1 [0144.759] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.759] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.759] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.760] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.760] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.760] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\3Oo-oJ1w8Hl 28.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\3oo-oj1w8hl 28.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.760] GetFileType (hFile=0x21c) returned 0x1 [0144.760] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=102830) returned 1 [0144.760] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=102830) returned 1 [0144.761] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.761] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x191ae) returned 0x5f1f90 [0144.763] ReadFile (in: hFile=0x21c, lpBuffer=0x5f1f90, nNumberOfBytesToRead=0x19000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x5f1f90*, lpNumberOfBytesRead=0xcbdaf8*=0x19000, lpOverlapped=0x0) returned 1 [0144.765] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60b150 [0144.766] ReadFile (in: hFile=0x21c, lpBuffer=0x60b150, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60b150*, lpNumberOfBytesRead=0xcbda88*=0x1ae, lpOverlapped=0x0) returned 1 [0144.766] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60b150 | out: hHeap=0x5c0000) returned 1 [0144.766] CloseHandle (hObject=0x21c) returned 1 [0144.767] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5f1f90 | out: hHeap=0x5c0000) returned 1 [0144.767] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9339810, ftCreationTime.dwHighDateTime=0x1d93477, ftLastAccessTime.dwLowDateTime=0x25dac750, ftLastAccessTime.dwHighDateTime=0x1d935c3, ftLastWriteTime.dwLowDateTime=0x788df8dc, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x94a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4QAqOmrwkjZgC0q wG.mp3", cAlternateFileName="4QAQOM~1.MP3")) returned 1 [0144.767] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.767] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.768] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.768] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.768] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.768] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.768] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\4QAqOmrwkjZgC0q wG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\4qaqomrwkjzgc0q wg.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.768] GetFileType (hFile=0x21c) returned 0x1 [0144.768] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=38048) returned 1 [0144.769] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=38048) returned 1 [0144.769] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.769] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.769] CloseHandle (hObject=0x21c) returned 1 [0144.770] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd1b1310, ftCreationTime.dwHighDateTime=0x1d927ee, ftLastAccessTime.dwLowDateTime=0xd1001880, ftLastAccessTime.dwHighDateTime=0x1d9353a, ftLastWriteTime.dwLowDateTime=0x78aa95d6, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xc7c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="7fne DlNV.bmp", cAlternateFileName="7FNEDL~1.BMP")) returned 1 [0144.770] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.770] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.770] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.770] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.770] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.770] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.770] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\7fne DlNV.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\7fne dlnv.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.771] GetFileType (hFile=0x21c) returned 0x1 [0144.771] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=51137) returned 1 [0144.771] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=51137) returned 1 [0144.771] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.771] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.772] CloseHandle (hObject=0x21c) returned 1 [0144.772] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48e701a0, ftCreationTime.dwHighDateTime=0x1d92c68, ftLastAccessTime.dwLowDateTime=0xbd8e0e80, ftLastAccessTime.dwHighDateTime=0x1d932ea, ftLastWriteTime.dwLowDateTime=0x78d0bab8, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1cbcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="8zluCg7.png", cAlternateFileName="")) returned 1 [0144.772] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.772] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.772] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.772] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.772] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.772] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.773] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\8zluCg7.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\8zlucg7.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.773] GetFileType (hFile=0x21c) returned 0x1 [0144.773] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=117709) returned 1 [0144.773] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=117709) returned 1 [0144.773] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.773] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.774] CloseHandle (hObject=0x21c) returned 1 [0144.774] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3af34350, ftCreationTime.dwHighDateTime=0x1d9324a, ftLastAccessTime.dwLowDateTime=0x45288130, ftLastAccessTime.dwHighDateTime=0x1d935b7, ftLastWriteTime.dwLowDateTime=0x78dca67c, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1982d, dwReserved0=0x0, dwReserved1=0x0, cFileName="B9YZmfaSyzYcy.wav", cAlternateFileName="B9YZMF~1.WAV")) returned 1 [0144.774] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.774] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.774] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.775] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\B9YZmfaSyzYcy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\b9yzmfasyzycy.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.775] GetFileType (hFile=0x21c) returned 0x1 [0144.775] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=104493) returned 1 [0144.775] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=104493) returned 1 [0144.775] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.775] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.776] CloseHandle (hObject=0x21c) returned 1 [0144.776] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbadca360, ftCreationTime.dwHighDateTime=0x1d93298, ftLastAccessTime.dwLowDateTime=0x2094890, ftLastAccessTime.dwHighDateTime=0x1d93557, ftLastWriteTime.dwLowDateTime=0x2094890, ftLastWriteTime.dwHighDateTime=0x1d93557, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg40Nk k8gAEKN", cAlternateFileName="BG40NK~1")) returned 1 [0144.776] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.776] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.776] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.777] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5d04a0 [0144.777] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.777] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.777] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.777] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbadca360, ftCreationTime.dwHighDateTime=0x1d93298, ftLastAccessTime.dwLowDateTime=0x2094890, ftLastAccessTime.dwHighDateTime=0x1d93557, ftLastWriteTime.dwLowDateTime=0x2094890, ftLastWriteTime.dwHighDateTime=0x1d93557, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.777] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.777] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.778] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.778] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.778] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc8a5020, ftCreationTime.dwHighDateTime=0x1d93135, ftLastAccessTime.dwLowDateTime=0xf0590700, ftLastAccessTime.dwHighDateTime=0x1d9313e, ftLastWriteTime.dwLowDateTime=0x797fd292, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x6420, dwReserved0=0x0, dwReserved1=0x0, cFileName="cWfz.ods", cAlternateFileName="")) returned 1 [0144.778] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.778] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.778] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.779] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\cWfz.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\cwfz.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.779] GetFileType (hFile=0x220) returned 0x1 [0144.779] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=25632) returned 1 [0144.779] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=25632) returned 1 [0144.779] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.779] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.781] CloseHandle (hObject=0x220) returned 1 [0144.781] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6060380, ftCreationTime.dwHighDateTime=0x1d935a3, ftLastAccessTime.dwLowDateTime=0xdf512100, ftLastAccessTime.dwHighDateTime=0x1d93606, ftLastWriteTime.dwLowDateTime=0x799c6ea2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ESCJ7tJ.pps", cAlternateFileName="")) returned 1 [0144.781] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.782] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.782] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.782] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.782] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.782] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.782] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\ESCJ7tJ.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\escj7tj.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.782] GetFileType (hFile=0x220) returned 0x1 [0144.782] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=109435) returned 1 [0144.783] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=109435) returned 1 [0144.783] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.783] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.783] CloseHandle (hObject=0x220) returned 1 [0144.783] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3014c80, ftCreationTime.dwHighDateTime=0x1d92ae9, ftLastAccessTime.dwLowDateTime=0xb0ba17b0, ftLastAccessTime.dwHighDateTime=0x1d92ebe, ftLastWriteTime.dwLowDateTime=0x79ad1fcc, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x94e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hBWRR5BfsYn2.avi", cAlternateFileName="HBWRR5~1.AVI")) returned 1 [0144.783] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.784] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.784] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.784] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.784] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.784] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.784] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\hBWRR5BfsYn2.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\hbwrr5bfsyn2.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.784] GetFileType (hFile=0x220) returned 0x1 [0144.785] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=38112) returned 1 [0144.785] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=38112) returned 1 [0144.785] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.785] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.785] CloseHandle (hObject=0x220) returned 1 [0144.786] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28160d20, ftCreationTime.dwHighDateTime=0x1d93359, ftLastAccessTime.dwLowDateTime=0xac69ba10, ftLastAccessTime.dwHighDateTime=0x1d935f5, ftLastWriteTime.dwLowDateTime=0x79b6aa4f, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1c38e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MEbNa.png", cAlternateFileName="")) returned 1 [0144.786] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.786] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.786] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.786] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\MEbNa.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\mebna.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.787] GetFileType (hFile=0x220) returned 0x1 [0144.787] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=115598) returned 1 [0144.787] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=115598) returned 1 [0144.787] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.787] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.788] CloseHandle (hObject=0x220) returned 1 [0144.788] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6465c100, ftCreationTime.dwHighDateTime=0x1d9285d, ftLastAccessTime.dwLowDateTime=0xd73b0940, ftLastAccessTime.dwHighDateTime=0x1d932ff, ftLastWriteTime.dwLowDateTime=0x79b90af8, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x7180, dwReserved0=0x0, dwReserved1=0x0, cFileName="MQux2 vq81yYA.jpg", cAlternateFileName="MQUX2V~1.JPG")) returned 1 [0144.788] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.788] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.788] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.788] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.788] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.788] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.789] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\MQux2 vq81yYA.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\mqux2 vq81yya.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.789] GetFileType (hFile=0x220) returned 0x1 [0144.789] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=29056) returned 1 [0144.789] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=29056) returned 1 [0144.789] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.789] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.790] CloseHandle (hObject=0x220) returned 1 [0144.790] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93586100, ftCreationTime.dwHighDateTime=0x1d92cf6, ftLastAccessTime.dwLowDateTime=0x41424860, ftLastAccessTime.dwHighDateTime=0x1d934dd, ftLastWriteTime.dwLowDateTime=0x79bdcf37, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1d271, dwReserved0=0x0, dwReserved1=0x0, cFileName="N QZTMIXjBIoZTX.png", cAlternateFileName="NQZTMI~1.PNG")) returned 1 [0144.790] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.790] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.790] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.790] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.790] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.791] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\N QZTMIXjBIoZTX.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\n qztmixjbioztx.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.791] GetFileType (hFile=0x220) returned 0x1 [0144.791] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=119409) returned 1 [0144.791] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=119409) returned 1 [0144.791] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.792] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.792] CloseHandle (hObject=0x220) returned 1 [0144.792] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x149525a0, ftCreationTime.dwHighDateTime=0x1d9286f, ftLastAccessTime.dwLowDateTime=0xa5b23f90, ftLastAccessTime.dwHighDateTime=0x1d92e1a, ftLastWriteTime.dwLowDateTime=0x79ce83b1, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x10b8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="O9JzJbgS7Mb5w.csv", cAlternateFileName="O9JZJB~1.CSV")) returned 1 [0144.792] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.792] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.793] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.793] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.793] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\O9JzJbgS7Mb5w.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\o9jzjbgs7mb5w.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.793] GetFileType (hFile=0x220) returned 0x1 [0144.793] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=68494) returned 1 [0144.793] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=68494) returned 1 [0144.793] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0144.794] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x10b8e) returned 0x5f3fb0 [0144.794] ReadFile (in: hFile=0x220, lpBuffer=0x5f3fb0, nNumberOfBytesToRead=0x10000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x5f3fb0*, lpNumberOfBytesRead=0xcbd208*=0x10000, lpOverlapped=0x0) returned 1 [0144.794] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x604b50 [0144.794] ReadFile (in: hFile=0x220, lpBuffer=0x604b50, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x604b50*, lpNumberOfBytesRead=0xcbd198*=0xb8e, lpOverlapped=0x0) returned 1 [0144.795] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x604b50 | out: hHeap=0x5c0000) returned 1 [0144.795] CloseHandle (hObject=0x220) returned 1 [0144.796] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5f3fb0 | out: hHeap=0x5c0000) returned 1 [0144.797] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cd88590, ftCreationTime.dwHighDateTime=0x1d92e9c, ftLastAccessTime.dwLowDateTime=0xddf342d0, ftLastAccessTime.dwHighDateTime=0x1d931e1, ftLastWriteTime.dwLowDateTime=0x79df2fe9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xcd7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tkmuw2oxS7Skgbs.avi", cAlternateFileName="TKMUW2~1.AVI")) returned 1 [0144.797] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.797] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.797] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.797] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\Tkmuw2oxS7Skgbs.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\tkmuw2oxs7skgbs.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.798] GetFileType (hFile=0x220) returned 0x1 [0144.798] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=52606) returned 1 [0144.798] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=52606) returned 1 [0144.798] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.798] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.837] CloseHandle (hObject=0x220) returned 1 [0144.837] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e00bda0, ftCreationTime.dwHighDateTime=0x1d93372, ftLastAccessTime.dwLowDateTime=0x7904c240, ftLastAccessTime.dwHighDateTime=0x1d933c1, ftLastWriteTime.dwLowDateTime=0x79e3f643, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1a985, dwReserved0=0x0, dwReserved1=0x0, cFileName="W2krG8rPbXHhq WhYNIP.wav", cAlternateFileName="W2KRG8~1.WAV")) returned 1 [0144.837] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.837] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.837] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.838] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\bg40Nk k8gAEKN\\W2krG8rPbXHhq WhYNIP.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bg40nk k8gaekn\\w2krg8rpbxhhq whynip.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.838] GetFileType (hFile=0x220) returned 0x1 [0144.838] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=108933) returned 1 [0144.838] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=108933) returned 1 [0144.838] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.839] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.839] CloseHandle (hObject=0x220) returned 1 [0144.839] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.839] GetLastError () returned 0x12 [0144.839] GetLastError () returned 0x12 [0144.839] SetLastError (dwErrCode=0x12) [0144.840] FindClose (in: hFindFile=0x5d04a0 | out: hFindFile=0x5d04a0) returned 1 [0144.840] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27af0680, ftCreationTime.dwHighDateTime=0x1d947a8, ftLastAccessTime.dwLowDateTime=0x27af0680, ftLastAccessTime.dwHighDateTime=0x1d947a8, ftLastWriteTime.dwLowDateTime=0x1e74f400, ftLastWriteTime.dwHighDateTime=0x1d942e7, nFileSizeHigh=0x0, nFileSizeLow=0x1daa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bucbja.dll", cAlternateFileName="")) returned 1 [0144.840] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.840] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.840] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.840] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.840] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.840] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.840] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x79f70a59, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5220, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.840] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.840] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.840] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.840] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.840] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.841] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.841] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.841] GetFileType (hFile=0x21c) returned 0x1 [0144.841] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21024) returned 1 [0144.841] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21024) returned 1 [0144.841] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.842] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.842] CloseHandle (hObject=0x21c) returned 1 [0144.842] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x551fc240, ftCreationTime.dwHighDateTime=0x1d92c54, ftLastAccessTime.dwLowDateTime=0x1fa268b0, ftLastAccessTime.dwHighDateTime=0x1d92db8, ftLastWriteTime.dwLowDateTime=0x79f96bfb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x78b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fcJkgUpdA60JQ 5.m4a", cAlternateFileName="FCJKGU~1.M4A")) returned 1 [0144.842] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.842] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.842] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.842] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.843] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.843] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\fcJkgUpdA60JQ 5.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcjkgupda60jq 5.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.843] GetFileType (hFile=0x21c) returned 0x1 [0144.843] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=30896) returned 1 [0144.843] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=30896) returned 1 [0144.844] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.844] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.844] CloseHandle (hObject=0x21c) returned 1 [0144.844] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45a076f0, ftCreationTime.dwHighDateTime=0x1d92b5c, ftLastAccessTime.dwLowDateTime=0xfc8fd640, ftLastAccessTime.dwHighDateTime=0x1d92b60, ftLastWriteTime.dwLowDateTime=0xfc8fd640, ftLastWriteTime.dwHighDateTime=0x1d92b60, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FcM3HJ3zl6", cAlternateFileName="FCM3HJ~1")) returned 1 [0144.844] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.844] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.845] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.845] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.845] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5d04a0 [0144.845] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.845] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.845] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.846] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45a076f0, ftCreationTime.dwHighDateTime=0x1d92b5c, ftLastAccessTime.dwLowDateTime=0xfc8fd640, ftLastAccessTime.dwHighDateTime=0x1d92b60, ftLastWriteTime.dwLowDateTime=0xfc8fd640, ftLastWriteTime.dwHighDateTime=0x1d92b60, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.846] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.846] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.846] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.846] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29084ed0, ftCreationTime.dwHighDateTime=0x1d93379, ftLastAccessTime.dwLowDateTime=0x49ddc910, ftLastAccessTime.dwHighDateTime=0x1d935fd, ftLastWriteTime.dwLowDateTime=0x7a0c7e87, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xe7ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="-LrxdLy.mkv", cAlternateFileName="")) returned 1 [0144.846] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.846] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.846] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.846] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.847] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\-LrxdLy.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\-lrxdly.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.847] GetFileType (hFile=0x220) returned 0x1 [0144.847] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=59375) returned 1 [0144.847] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=59375) returned 1 [0144.847] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.847] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.848] CloseHandle (hObject=0x220) returned 1 [0144.848] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72e30d10, ftCreationTime.dwHighDateTime=0x1d934c3, ftLastAccessTime.dwLowDateTime=0xb52d2ac0, ftLastAccessTime.dwHighDateTime=0x1d934c8, ftLastWriteTime.dwLowDateTime=0x7a3e8fcb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x157e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="7qhpz8_JHXZdpvy.jpg", cAlternateFileName="7QHPZ8~1.JPG")) returned 1 [0144.848] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.849] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.849] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.849] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.849] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.849] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.849] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\7qhpz8_JHXZdpvy.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\7qhpz8_jhxzdpvy.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.849] GetFileType (hFile=0x220) returned 0x1 [0144.850] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=88039) returned 1 [0144.850] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=88039) returned 1 [0144.850] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.850] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.850] CloseHandle (hObject=0x220) returned 1 [0144.851] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x33261ad0, ftCreationTime.dwHighDateTime=0x1d92845, ftLastAccessTime.dwLowDateTime=0x3d24cad0, ftLastAccessTime.dwHighDateTime=0x1d929ae, ftLastWriteTime.dwLowDateTime=0x7a40f1c0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x9e7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bqN93ZeE_VWClGu7lT88.xlsx", cAlternateFileName="BQN93Z~1.XLS")) returned 1 [0144.851] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.851] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.851] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.851] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.851] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.851] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.851] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\bqN93ZeE_VWClGu7lT88.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\bqn93zee_vwclgu7lt88.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.852] GetFileType (hFile=0x220) returned 0x1 [0144.852] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=40574) returned 1 [0144.852] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=40574) returned 1 [0144.852] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0144.852] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x9e7e) returned 0x5fe250 [0144.853] ReadFile (in: hFile=0x220, lpBuffer=0x5fe250, nNumberOfBytesToRead=0x9000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x5fe250*, lpNumberOfBytesRead=0xcbd208*=0x9000, lpOverlapped=0x0) returned 1 [0144.853] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6080e0 [0144.853] ReadFile (in: hFile=0x220, lpBuffer=0x6080e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x6080e0*, lpNumberOfBytesRead=0xcbd198*=0xe7e, lpOverlapped=0x0) returned 1 [0144.854] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6080e0 | out: hHeap=0x5c0000) returned 1 [0144.854] CloseHandle (hObject=0x220) returned 1 [0144.855] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5fe250 | out: hHeap=0x5c0000) returned 1 [0144.856] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7c45970, ftCreationTime.dwHighDateTime=0x1d92c4e, ftLastAccessTime.dwLowDateTime=0x4949360, ftLastAccessTime.dwHighDateTime=0x1d9340f, ftLastWriteTime.dwLowDateTime=0x7a4f3fd8, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x12d4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eis9xSD3cZ.swf", cAlternateFileName="EIS9XS~1.SWF")) returned 1 [0144.856] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.856] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.856] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.856] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.856] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.856] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.856] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\Eis9xSD3cZ.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\eis9xsd3cz.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.857] GetFileType (hFile=0x220) returned 0x1 [0144.857] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=77133) returned 1 [0144.857] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=77133) returned 1 [0144.857] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.857] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.857] CloseHandle (hObject=0x220) returned 1 [0144.858] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab1dccd0, ftCreationTime.dwHighDateTime=0x1d932fa, ftLastAccessTime.dwLowDateTime=0x6f26b430, ftLastAccessTime.dwHighDateTime=0x1d9357a, ftLastWriteTime.dwLowDateTime=0x7a5ffdce, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GaQ1TU-ns4-u6B3Pj_F.swf", cAlternateFileName="GAQ1TU~1.SWF")) returned 1 [0144.858] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.858] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.858] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.858] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\GaQ1TU-ns4-u6B3Pj_F.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\gaq1tu-ns4-u6b3pj_f.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.859] GetFileType (hFile=0x220) returned 0x1 [0144.859] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=24032) returned 1 [0144.859] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=24032) returned 1 [0144.859] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.859] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.860] CloseHandle (hObject=0x220) returned 1 [0144.860] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8eb1f40, ftCreationTime.dwHighDateTime=0x1d9276a, ftLastAccessTime.dwLowDateTime=0x4c3e4340, ftLastAccessTime.dwHighDateTime=0x1d934c9, ftLastWriteTime.dwLowDateTime=0x7a77c835, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1a442, dwReserved0=0x0, dwReserved1=0x0, cFileName="kQdD.rtf", cAlternateFileName="")) returned 1 [0144.860] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.860] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.860] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.860] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.860] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.860] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.861] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\kQdD.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\kqdd.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.861] GetFileType (hFile=0x220) returned 0x1 [0144.861] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=107586) returned 1 [0144.861] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=107586) returned 1 [0144.861] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.861] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.861] CloseHandle (hObject=0x220) returned 1 [0144.862] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc04f0390, ftCreationTime.dwHighDateTime=0x1d92a34, ftLastAccessTime.dwLowDateTime=0x55a7e770, ftLastAccessTime.dwHighDateTime=0x1d932ca, ftLastWriteTime.dwLowDateTime=0x7a7c9982, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x6310, dwReserved0=0x0, dwReserved1=0x0, cFileName="nq8ktm1kT2WY3NIUwi.jpg", cAlternateFileName="NQ8KTM~1.JPG")) returned 1 [0144.862] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.862] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.862] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.862] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.862] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.862] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.862] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\nq8ktm1kT2WY3NIUwi.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\nq8ktm1kt2wy3niuwi.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.863] GetFileType (hFile=0x220) returned 0x1 [0144.863] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=25360) returned 1 [0144.863] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=25360) returned 1 [0144.863] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.863] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.864] CloseHandle (hObject=0x220) returned 1 [0144.864] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x391a5680, ftCreationTime.dwHighDateTime=0x1d931fb, ftLastAccessTime.dwLowDateTime=0xdda41330, ftLastAccessTime.dwHighDateTime=0x1d93417, ftLastWriteTime.dwLowDateTime=0x7aac3c1e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x8550, dwReserved0=0x0, dwReserved1=0x0, cFileName="x5oeGxuFd3ZTD.jpg", cAlternateFileName="X5OEGX~1.JPG")) returned 1 [0144.864] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.864] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.864] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.864] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.864] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.864] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.865] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\x5oeGxuFd3ZTD.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\x5oegxufd3ztd.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.865] GetFileType (hFile=0x220) returned 0x1 [0144.865] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=34128) returned 1 [0144.865] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=34128) returned 1 [0144.865] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.865] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.866] CloseHandle (hObject=0x220) returned 1 [0144.866] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x386894a0, ftCreationTime.dwHighDateTime=0x1d93038, ftLastAccessTime.dwLowDateTime=0xcd2764c0, ftLastAccessTime.dwHighDateTime=0x1d933d2, ftLastWriteTime.dwLowDateTime=0x7ab82842, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xe563, dwReserved0=0x0, dwReserved1=0x0, cFileName="xKw XH2hna1hjh-.bmp", cAlternateFileName="XKWXH2~1.BMP")) returned 1 [0144.866] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.866] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.866] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.866] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.866] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.866] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.867] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FcM3HJ3zl6\\xKw XH2hna1hjh-.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fcm3hj3zl6\\xkw xh2hna1hjh-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x220 [0144.867] GetFileType (hFile=0x220) returned 0x1 [0144.867] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=58723) returned 1 [0144.867] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=58723) returned 1 [0144.867] SetFilePointerEx (in: hFile=0x220, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.867] ReadFile (in: hFile=0x220, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.868] CloseHandle (hObject=0x220) returned 1 [0144.868] FindNextFileW (in: hFindFile=0x5d04a0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.868] GetLastError () returned 0x12 [0144.868] GetLastError () returned 0x12 [0144.868] SetLastError (dwErrCode=0x12) [0144.868] FindClose (in: hFindFile=0x5d04a0 | out: hFindFile=0x5d04a0) returned 1 [0144.868] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb8a930, ftCreationTime.dwHighDateTime=0x1d934ad, ftLastAccessTime.dwLowDateTime=0x6274c300, ftLastAccessTime.dwHighDateTime=0x1d9352d, ftLastWriteTime.dwLowDateTime=0x7ac8d7fb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x14640, dwReserved0=0x0, dwReserved1=0x0, cFileName="FhFI_-.mkv", cAlternateFileName="")) returned 1 [0144.868] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.868] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.869] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.869] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.869] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.869] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.869] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\FhFI_-.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\fhfi_-.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.869] GetFileType (hFile=0x21c) returned 0x1 [0144.869] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=83520) returned 1 [0144.870] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=83520) returned 1 [0144.870] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.870] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.903] CloseHandle (hObject=0x21c) returned 1 [0144.904] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39422ae0, ftCreationTime.dwHighDateTime=0x1d92ebb, ftLastAccessTime.dwLowDateTime=0x894d02c0, ftLastAccessTime.dwHighDateTime=0x1d933d0, ftLastWriteTime.dwLowDateTime=0x7ae7d625, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1304b, dwReserved0=0x0, dwReserved1=0x0, cFileName="HRe28UwE020sVBMZQXSM.wav", cAlternateFileName="HRE28U~1.WAV")) returned 1 [0144.904] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.904] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.904] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.904] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.904] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.904] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.904] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\HRe28UwE020sVBMZQXSM.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\hre28uwe020svbmzqxsm.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.905] GetFileType (hFile=0x21c) returned 0x1 [0144.905] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=77899) returned 1 [0144.905] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=77899) returned 1 [0144.905] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.905] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.906] CloseHandle (hObject=0x21c) returned 1 [0144.906] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb78db5e0, ftCreationTime.dwHighDateTime=0x1d9312c, ftLastAccessTime.dwLowDateTime=0x39c93d60, ftLastAccessTime.dwHighDateTime=0x1d9336a, ftLastWriteTime.dwLowDateTime=0x7b1785dd, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x162ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="ietUiQ4ShEt 5.docx", cAlternateFileName="IETUIQ~1.DOC")) returned 1 [0144.906] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.906] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.906] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.906] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.906] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.906] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.906] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ietUiQ4ShEt 5.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ietuiq4shet 5.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.907] GetFileType (hFile=0x21c) returned 0x1 [0144.907] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=90830) returned 1 [0144.907] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=90830) returned 1 [0144.908] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.908] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x162ce) returned 0x615120 [0144.911] ReadFile (in: hFile=0x21c, lpBuffer=0x615120, nNumberOfBytesToRead=0x16000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615120*, lpNumberOfBytesRead=0xcbdaf8*=0x16000, lpOverlapped=0x0) returned 1 [0144.912] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6022e0 [0144.912] ReadFile (in: hFile=0x21c, lpBuffer=0x6022e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x6022e0*, lpNumberOfBytesRead=0xcbda88*=0x2ce, lpOverlapped=0x0) returned 1 [0144.913] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6022e0 | out: hHeap=0x5c0000) returned 1 [0144.913] CloseHandle (hObject=0x21c) returned 1 [0144.915] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615120 | out: hHeap=0x5c0000) returned 1 [0144.916] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28479d00, ftCreationTime.dwHighDateTime=0x1d947a8, ftLastAccessTime.dwLowDateTime=0x354d9780, ftLastAccessTime.dwHighDateTime=0x1d9477a, ftLastWriteTime.dwLowDateTime=0x6815be80, ftLastWriteTime.dwHighDateTime=0x1d93533, nFileSizeHigh=0x0, nFileSizeLow=0x21400, dwReserved0=0x0, dwReserved1=0x0, cFileName="JHaFdvIr.exe", cAlternateFileName="")) returned 1 [0144.916] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.916] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.916] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.916] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37dc55e0, ftCreationTime.dwHighDateTime=0x1d92a74, ftLastAccessTime.dwLowDateTime=0xdfd23c30, ftLastAccessTime.dwHighDateTime=0x1d93477, ftLastWriteTime.dwLowDateTime=0x7bbc08b2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xeeef, dwReserved0=0x0, dwReserved1=0x0, cFileName="JmOoaS6u8M9cmhXt.avi", cAlternateFileName="JMOOAS~1.AVI")) returned 1 [0144.916] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.916] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.916] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.917] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.917] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\JmOoaS6u8M9cmhXt.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jmooas6u8m9cmhxt.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.918] GetFileType (hFile=0x21c) returned 0x1 [0144.918] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=61167) returned 1 [0144.918] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=61167) returned 1 [0144.918] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.918] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.918] CloseHandle (hObject=0x21c) returned 1 [0144.919] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6ff3e90, ftCreationTime.dwHighDateTime=0x1d92b1e, ftLastAccessTime.dwLowDateTime=0x9cfd23e0, ftLastAccessTime.dwHighDateTime=0x1d932c2, ftLastWriteTime.dwLowDateTime=0x7c2c16b6, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x7470, dwReserved0=0x0, dwReserved1=0x0, cFileName="L27gnkwUaPU.wav", cAlternateFileName="L27GNK~1.WAV")) returned 1 [0144.919] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.919] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.919] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.919] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.919] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.919] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.919] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\L27gnkwUaPU.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\l27gnkwuapu.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.920] GetFileType (hFile=0x21c) returned 0x1 [0144.920] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=29808) returned 1 [0144.920] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=29808) returned 1 [0144.920] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.920] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.921] CloseHandle (hObject=0x21c) returned 1 [0144.921] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c5aae70, ftCreationTime.dwHighDateTime=0x1d92b5f, ftLastAccessTime.dwLowDateTime=0xe4bf5fc0, ftLastAccessTime.dwHighDateTime=0x1d93206, ftLastWriteTime.dwLowDateTime=0x7c2c16b6, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1dfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="LWOpNwhoWf-tD6clCMOy.flv", cAlternateFileName="LWOPNW~1.FLV")) returned 1 [0144.921] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.921] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.921] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.921] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.921] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.921] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.921] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\LWOpNwhoWf-tD6clCMOy.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\lwopnwhowf-td6clcmoy.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.922] GetFileType (hFile=0x21c) returned 0x1 [0144.922] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=122799) returned 1 [0144.922] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=122799) returned 1 [0144.922] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.922] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.923] CloseHandle (hObject=0x21c) returned 1 [0144.923] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x513ff7d0, ftCreationTime.dwHighDateTime=0x1d9332a, ftLastAccessTime.dwLowDateTime=0xcc035bc0, ftLastAccessTime.dwHighDateTime=0x1d935c2, ftLastWriteTime.dwLowDateTime=0x7c429e73, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x15d1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NwY6hKuwxHg.doc", cAlternateFileName="NWY6HK~1.DOC")) returned 1 [0144.923] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.923] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.923] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.923] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NwY6hKuwxHg.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\nwy6hkuwxhg.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.924] GetFileType (hFile=0x21c) returned 0x1 [0144.924] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=89374) returned 1 [0144.924] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=89374) returned 1 [0144.924] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.924] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x15d1e) returned 0x615120 [0144.926] ReadFile (in: hFile=0x21c, lpBuffer=0x615120, nNumberOfBytesToRead=0x15000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615120*, lpNumberOfBytesRead=0xcbdaf8*=0x15000, lpOverlapped=0x0) returned 1 [0144.927] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x604300 [0144.927] ReadFile (in: hFile=0x21c, lpBuffer=0x604300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x604300*, lpNumberOfBytesRead=0xcbda88*=0xd1e, lpOverlapped=0x0) returned 1 [0144.928] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x604300 | out: hHeap=0x5c0000) returned 1 [0144.928] CloseHandle (hObject=0x21c) returned 1 [0144.929] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615120 | out: hHeap=0x5c0000) returned 1 [0144.930] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dd306f0, ftCreationTime.dwHighDateTime=0x1d92fdb, ftLastAccessTime.dwLowDateTime=0xd61680, ftLastAccessTime.dwHighDateTime=0x1d93177, ftLastWriteTime.dwLowDateTime=0x7cb3c0a0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xc651, dwReserved0=0x0, dwReserved1=0x0, cFileName="ohl0ID R665MlqcWPnkd.jpg", cAlternateFileName="OHL0ID~1.JPG")) returned 1 [0144.930] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.930] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.930] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.930] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ohl0ID R665MlqcWPnkd.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ohl0id r665mlqcwpnkd.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.931] GetFileType (hFile=0x21c) returned 0x1 [0144.931] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=50769) returned 1 [0144.932] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=50769) returned 1 [0144.932] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.932] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.932] CloseHandle (hObject=0x21c) returned 1 [0144.932] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3c6e100, ftCreationTime.dwHighDateTime=0x1d93314, ftLastAccessTime.dwLowDateTime=0xcaf28350, ftLastAccessTime.dwHighDateTime=0x1d93496, ftLastWriteTime.dwLowDateTime=0x7cc613ca, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x79b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ol8V8.wav", cAlternateFileName="")) returned 1 [0144.933] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.933] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.933] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.933] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.933] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.933] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.933] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Ol8V8.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ol8v8.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.933] GetFileType (hFile=0x21c) returned 0x1 [0144.933] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=31152) returned 1 [0144.934] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=31152) returned 1 [0144.934] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.934] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.934] CloseHandle (hObject=0x21c) returned 1 [0144.934] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3d37270, ftCreationTime.dwHighDateTime=0x1d92976, ftLastAccessTime.dwLowDateTime=0x6479af90, ftLastAccessTime.dwHighDateTime=0x1d93581, ftLastWriteTime.dwLowDateTime=0x7cccffd6, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x10d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="osCn.swf", cAlternateFileName="")) returned 1 [0144.935] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.935] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.935] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.935] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.935] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.935] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.935] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\osCn.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\oscn.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.935] GetFileType (hFile=0x21c) returned 0x1 [0144.936] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=69000) returned 1 [0144.936] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=69000) returned 1 [0144.936] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.936] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.936] CloseHandle (hObject=0x21c) returned 1 [0144.937] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f82780, ftCreationTime.dwHighDateTime=0x1d935f1, ftLastAccessTime.dwLowDateTime=0xbb199890, ftLastAccessTime.dwHighDateTime=0x1d9360a, ftLastWriteTime.dwLowDateTime=0x7ce4e150, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1418c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q8qRvFmm3IQe7eqKqz.bmp", cAlternateFileName="Q8QRVF~1.BMP")) returned 1 [0144.937] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.937] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.937] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.937] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.937] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.937] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.937] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Q8qRvFmm3IQe7eqKqz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\q8qrvfmm3iqe7eqkqz.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.937] GetFileType (hFile=0x21c) returned 0x1 [0144.938] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=82316) returned 1 [0144.938] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=82316) returned 1 [0144.938] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.938] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.940] CloseHandle (hObject=0x21c) returned 1 [0144.940] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x806d33d0, ftCreationTime.dwHighDateTime=0x1d93044, ftLastAccessTime.dwLowDateTime=0x2fd2abe0, ftLastAccessTime.dwHighDateTime=0x1d931ce, ftLastWriteTime.dwLowDateTime=0x7cec88ff, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x153c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="ttBDr.gif", cAlternateFileName="")) returned 1 [0144.940] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.940] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.941] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.941] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.941] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.941] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.941] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ttBDr.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ttbdr.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.941] GetFileType (hFile=0x21c) returned 0x1 [0144.941] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=86981) returned 1 [0144.941] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=86981) returned 1 [0144.942] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.942] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.942] CloseHandle (hObject=0x21c) returned 1 [0144.943] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52b56f90, ftCreationTime.dwHighDateTime=0x1d93484, ftLastAccessTime.dwLowDateTime=0x76cfc660, ftLastAccessTime.dwHighDateTime=0x1d9361d, ftLastWriteTime.dwLowDateTime=0x7cee52de, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16d36, dwReserved0=0x0, dwReserved1=0x0, cFileName="unFqS0IAA-HHEp.wav", cAlternateFileName="UNFQS0~1.WAV")) returned 1 [0144.943] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.943] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.943] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.943] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.943] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.943] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.943] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\unFqS0IAA-HHEp.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\unfqs0iaa-hhep.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.944] GetFileType (hFile=0x21c) returned 0x1 [0144.944] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=93494) returned 1 [0144.944] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=93494) returned 1 [0144.944] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.944] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.945] CloseHandle (hObject=0x21c) returned 1 [0144.945] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8561b180, ftCreationTime.dwHighDateTime=0x1d92bfe, ftLastAccessTime.dwLowDateTime=0x4df18ca0, ftLastAccessTime.dwHighDateTime=0x1d92fa7, ftLastWriteTime.dwLowDateTime=0x7cf7cbe0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x15c42, dwReserved0=0x0, dwReserved1=0x0, cFileName="WeC6taEqPlgqc7c.swf", cAlternateFileName="WEC6TA~1.SWF")) returned 1 [0144.945] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.945] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.945] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.945] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.945] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.945] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.945] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\WeC6taEqPlgqc7c.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\wec6taeqplgqc7c.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.946] GetFileType (hFile=0x21c) returned 0x1 [0144.946] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=89154) returned 1 [0144.946] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=89154) returned 1 [0144.946] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.946] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.947] CloseHandle (hObject=0x21c) returned 1 [0144.947] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e6dddf0, ftCreationTime.dwHighDateTime=0x1d928f0, ftLastAccessTime.dwLowDateTime=0x2b5384e0, ftLastAccessTime.dwHighDateTime=0x1d92e77, ftLastWriteTime.dwLowDateTime=0x7cfc9333, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1ddbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZGTkYd2PTX5 vmJh.swf", cAlternateFileName="ZGTKYD~1.SWF")) returned 1 [0144.947] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.947] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.947] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.947] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.947] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.947] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.947] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ZGTkYd2PTX5 vmJh.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zgtkyd2ptx5 vmjh.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.948] GetFileType (hFile=0x21c) returned 0x1 [0144.948] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=122301) returned 1 [0144.948] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=122301) returned 1 [0144.948] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0144.948] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0144.949] CloseHandle (hObject=0x21c) returned 1 [0144.949] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.949] GetLastError () returned 0x12 [0144.949] GetLastError () returned 0x12 [0144.949] SetLastError (dwErrCode=0x12) [0144.949] FindClose (in: hFindFile=0x5cff00 | out: hFindFile=0x5cff00) returned 1 [0144.949] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1bd30ef, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1bd30ef, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0144.949] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.949] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.949] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.949] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.950] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0144.950] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0144.950] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5cf900 [0144.950] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.950] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.950] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.950] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.950] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.950] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.950] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1bd30ef, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1bd30ef, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x1, cFileName="..", cAlternateFileName="")) returned 1 [0144.951] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.951] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.951] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.951] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36e9710, ftCreationTime.dwHighDateTime=0x1d91e21, ftLastAccessTime.dwLowDateTime=0x9742a820, ftLastAccessTime.dwHighDateTime=0x1d93318, ftLastWriteTime.dwLowDateTime=0x7d0d412c, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x14fbe, dwReserved0=0x0, dwReserved1=0x1, cFileName="-1C3jY4Vl.xlsx", cAlternateFileName="-1C3JY~1.XLS")) returned 1 [0144.951] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.951] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.951] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.951] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.952] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\-1C3jY4Vl.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\-1c3jy4vl.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.952] GetFileType (hFile=0x21c) returned 0x1 [0144.952] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=85950) returned 1 [0144.952] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=85950) returned 1 [0144.952] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.952] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x14fbe) returned 0x615910 [0144.954] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x14000, lpOverlapped=0x0) returned 1 [0144.955] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0144.955] ReadFile (in: hFile=0x21c, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0xfbe, lpOverlapped=0x0) returned 1 [0144.956] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0144.956] CloseHandle (hObject=0x21c) returned 1 [0144.957] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.957] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x858c0bc0, ftCreationTime.dwHighDateTime=0x1d8d65d, ftLastAccessTime.dwLowDateTime=0xaade0c00, ftLastAccessTime.dwHighDateTime=0x1d92515, ftLastWriteTime.dwLowDateTime=0x7d1df2b2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x116ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="2hljBgD1 RG.docx", cAlternateFileName="2HLJBG~1.DOC")) returned 1 [0144.957] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.957] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.957] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.957] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.958] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.958] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.958] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\2hljBgD1 RG.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\2hljbgd1 rg.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.959] GetFileType (hFile=0x21c) returned 0x1 [0144.959] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=71406) returned 1 [0144.959] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=71406) returned 1 [0144.959] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.960] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x116ee) returned 0x615910 [0144.960] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x11000, lpOverlapped=0x0) returned 1 [0144.961] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0144.961] ReadFile (in: hFile=0x21c, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0x6ee, lpOverlapped=0x0) returned 1 [0144.961] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0144.961] CloseHandle (hObject=0x21c) returned 1 [0144.963] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.963] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac18b6b0, ftCreationTime.dwHighDateTime=0x1d8be0e, ftLastAccessTime.dwLowDateTime=0xba7b5cf0, ftLastAccessTime.dwHighDateTime=0x1d8d487, ftLastWriteTime.dwLowDateTime=0x7d22b63d, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xea4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="3MLRCwi-_Xdb6cchu_-.xlsx", cAlternateFileName="3MLRCW~1.XLS")) returned 1 [0144.963] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.963] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.963] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.963] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.963] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.963] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.964] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3MLRCwi-_Xdb6cchu_-.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3mlrcwi-_xdb6cchu_-.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.964] GetFileType (hFile=0x21c) returned 0x1 [0144.964] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=59982) returned 1 [0144.964] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=59982) returned 1 [0144.964] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.964] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xea4e) returned 0x615910 [0144.964] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0xe000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0xe000, lpOverlapped=0x0) returned 1 [0144.965] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x604300 [0144.965] ReadFile (in: hFile=0x21c, lpBuffer=0x604300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x604300*, lpNumberOfBytesRead=0xcbda88*=0xa4e, lpOverlapped=0x0) returned 1 [0144.965] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x604300 | out: hHeap=0x5c0000) returned 1 [0144.965] CloseHandle (hObject=0x21c) returned 1 [0144.966] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.966] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4dfb71b0, ftCreationTime.dwHighDateTime=0x1d92d78, ftLastAccessTime.dwLowDateTime=0x6d847eb0, ftLastAccessTime.dwHighDateTime=0x1d934f2, ftLastWriteTime.dwLowDateTime=0x6d847eb0, ftLastWriteTime.dwHighDateTime=0x1d934f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3Ozrn-C", cAlternateFileName="")) returned 1 [0144.966] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.966] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.966] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.966] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.966] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.966] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.967] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5cf960 [0144.967] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.967] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.967] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.967] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.967] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.967] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.967] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4dfb71b0, ftCreationTime.dwHighDateTime=0x1d92d78, ftLastAccessTime.dwLowDateTime=0x6d847eb0, ftLastAccessTime.dwHighDateTime=0x1d934f2, ftLastWriteTime.dwLowDateTime=0x6d847eb0, ftLastWriteTime.dwHighDateTime=0x1d934f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xf9, cFileName="..", cAlternateFileName="")) returned 1 [0144.967] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.967] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.967] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.967] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.968] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.968] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.968] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4a6e860, ftCreationTime.dwHighDateTime=0x1d92a5c, ftLastAccessTime.dwLowDateTime=0x7a349710, ftLastAccessTime.dwHighDateTime=0x1d9314d, ftLastWriteTime.dwLowDateTime=0x7d2ca598, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x11dde, dwReserved0=0x0, dwReserved1=0xf9, cFileName="-YU2Lx-6ZIPnCPiAFFe.ppt", cAlternateFileName="-YU2LX~1.PPT")) returned 1 [0144.968] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.968] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.968] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.968] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.968] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.968] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.968] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\-YU2Lx-6ZIPnCPiAFFe.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\-yu2lx-6zipncpiaffe.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0144.969] GetFileType (hFile=0x278) returned 0x1 [0144.969] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=73182) returned 1 [0144.969] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=73182) returned 1 [0144.969] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0144.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x11dde) returned 0x615910 [0144.969] ReadFile (in: hFile=0x278, lpBuffer=0x615910, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbd208*=0x11000, lpOverlapped=0x0) returned 1 [0144.969] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6032f0 [0144.970] ReadFile (in: hFile=0x278, lpBuffer=0x6032f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x6032f0*, lpNumberOfBytesRead=0xcbd198*=0xdde, lpOverlapped=0x0) returned 1 [0144.970] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6032f0 | out: hHeap=0x5c0000) returned 1 [0144.970] CloseHandle (hObject=0x278) returned 1 [0144.971] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.971] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9df80e0, ftCreationTime.dwHighDateTime=0x1d9353f, ftLastAccessTime.dwLowDateTime=0x3ca8a180, ftLastAccessTime.dwHighDateTime=0x1d935d9, ftLastWriteTime.dwLowDateTime=0x7d2f0988, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1cd9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="CdvPrp3Nu1pnIZzw.pps", cAlternateFileName="CDVPRP~1.PPS")) returned 1 [0144.971] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.971] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.971] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.971] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.971] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.971] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.971] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\CdvPrp3Nu1pnIZzw.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\cdvprp3nu1pnizzw.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0144.972] GetFileType (hFile=0x278) returned 0x1 [0144.972] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=118171) returned 1 [0144.972] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=118171) returned 1 [0144.972] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.972] ReadFile (in: hFile=0x278, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.972] CloseHandle (hObject=0x278) returned 1 [0144.973] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4262e60, ftCreationTime.dwHighDateTime=0x1d92db2, ftLastAccessTime.dwLowDateTime=0x37c7b630, ftLastAccessTime.dwHighDateTime=0x1d92dc6, ftLastWriteTime.dwLowDateTime=0x7d317b85, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x42be, dwReserved0=0x0, dwReserved1=0x0, cFileName="h38g6jq9H1qf ZYhaRF.docx", cAlternateFileName="H38G6J~1.DOC")) returned 1 [0144.973] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.973] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.973] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.973] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.973] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.973] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.973] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\h38g6jq9H1qf ZYhaRF.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\h38g6jq9h1qf zyharf.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0144.973] GetFileType (hFile=0x278) returned 0x1 [0144.974] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=17086) returned 1 [0144.974] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=17086) returned 1 [0144.974] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0144.974] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x42be) returned 0x615910 [0144.974] ReadFile (in: hFile=0x278, lpBuffer=0x615910, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbd208*=0x4000, lpOverlapped=0x0) returned 1 [0144.977] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6032f0 [0144.977] ReadFile (in: hFile=0x278, lpBuffer=0x6032f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x6032f0*, lpNumberOfBytesRead=0xcbd198*=0x2be, lpOverlapped=0x0) returned 1 [0144.977] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6032f0 | out: hHeap=0x5c0000) returned 1 [0144.977] CloseHandle (hObject=0x278) returned 1 [0144.978] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.978] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28598d60, ftCreationTime.dwHighDateTime=0x1d92b17, ftLastAccessTime.dwLowDateTime=0x42e91570, ftLastAccessTime.dwHighDateTime=0x1d92f49, ftLastWriteTime.dwLowDateTime=0x7d45aa71, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1472e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vrr3e.ppt", cAlternateFileName="")) returned 1 [0144.978] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.978] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.978] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.978] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.978] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.978] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.978] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\3Ozrn-C\\Vrr3e.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\3ozrn-c\\vrr3e.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0144.979] GetFileType (hFile=0x278) returned 0x1 [0144.979] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=83758) returned 1 [0144.979] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=83758) returned 1 [0144.979] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0144.979] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x1472e) returned 0x615910 [0144.979] ReadFile (in: hFile=0x278, lpBuffer=0x615910, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbd208*=0x14000, lpOverlapped=0x0) returned 1 [0144.980] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6032f0 [0144.980] ReadFile (in: hFile=0x278, lpBuffer=0x6032f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x6032f0*, lpNumberOfBytesRead=0xcbd198*=0x72e, lpOverlapped=0x0) returned 1 [0144.980] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6032f0 | out: hHeap=0x5c0000) returned 1 [0144.980] CloseHandle (hObject=0x278) returned 1 [0144.981] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.981] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0xf3000bf8, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.981] GetLastError () returned 0x12 [0144.981] GetLastError () returned 0x12 [0144.981] SetLastError (dwErrCode=0x12) [0144.981] FindClose (in: hFindFile=0x5cf960 | out: hFindFile=0x5cf960) returned 1 [0144.981] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabc332c0, ftCreationTime.dwHighDateTime=0x1d8c076, ftLastAccessTime.dwLowDateTime=0xc40c6e50, ftLastAccessTime.dwHighDateTime=0x1d8ff82, ftLastWriteTime.dwLowDateTime=0x7d51bbbe, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x12b3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5oXD JYe1.xlsx", cAlternateFileName="5OXDJY~1.XLS")) returned 1 [0144.981] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.981] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.981] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.981] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.981] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.981] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.982] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\5oXD JYe1.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\5oxd jye1.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.982] GetFileType (hFile=0x21c) returned 0x1 [0144.982] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=76606) returned 1 [0144.982] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=76606) returned 1 [0144.982] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.982] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x12b3e) returned 0x615910 [0144.982] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0x12000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x12000, lpOverlapped=0x0) returned 1 [0144.984] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0144.984] ReadFile (in: hFile=0x21c, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0xb3e, lpOverlapped=0x0) returned 1 [0144.984] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0144.984] CloseHandle (hObject=0x21c) returned 1 [0144.985] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.985] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35c84090, ftCreationTime.dwHighDateTime=0x1d8b9f2, ftLastAccessTime.dwLowDateTime=0x98e5df20, ftLastAccessTime.dwHighDateTime=0x1d8d6c6, ftLastWriteTime.dwLowDateTime=0x7d51bbbe, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1a0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="6PDiYDbFPa.pptx", cAlternateFileName="6PDIYD~1.PPT")) returned 1 [0144.985] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.985] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.985] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.985] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.985] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.985] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.986] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\6PDiYDbFPa.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\6pdiydbfpa.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.986] GetFileType (hFile=0x21c) returned 0x1 [0144.986] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=6670) returned 1 [0144.986] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=6670) returned 1 [0144.986] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.986] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x1a0e) returned 0x615910 [0144.986] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x1000, lpOverlapped=0x0) returned 1 [0144.987] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0144.987] ReadFile (in: hFile=0x21c, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0xa0e, lpOverlapped=0x0) returned 1 [0144.987] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0144.987] CloseHandle (hObject=0x21c) returned 1 [0144.988] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.988] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb985730, ftCreationTime.dwHighDateTime=0x1d92f07, ftLastAccessTime.dwLowDateTime=0x2c035f90, ftLastAccessTime.dwHighDateTime=0x1d92f09, ftLastWriteTime.dwLowDateTime=0x2c035f90, ftLastWriteTime.dwHighDateTime=0x1d92f09, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8KT1V6XMJnk5nR_vJ-", cAlternateFileName="8KT1V6~1")) returned 1 [0144.988] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.988] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.988] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.988] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.988] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.988] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.988] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8KT1V6XMJnk5nR_vJ-\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8kt1v6xmjnk5nr_vj-\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5cfae0 [0144.988] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.988] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.988] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.988] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.989] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.989] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.989] FindNextFileW (in: hFindFile=0x5cfae0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb985730, ftCreationTime.dwHighDateTime=0x1d92f07, ftLastAccessTime.dwLowDateTime=0x2c035f90, ftLastAccessTime.dwHighDateTime=0x1d92f09, ftLastWriteTime.dwLowDateTime=0x2c035f90, ftLastWriteTime.dwHighDateTime=0x1d92f09, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xfa, cFileName="..", cAlternateFileName="")) returned 1 [0144.989] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.989] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.989] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.989] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.989] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.989] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.989] FindNextFileW (in: hFindFile=0x5cfae0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4249fd80, ftCreationTime.dwHighDateTime=0x1d9292e, ftLastAccessTime.dwLowDateTime=0xe5b42610, ftLastAccessTime.dwHighDateTime=0x1d929ad, ftLastWriteTime.dwLowDateTime=0x7d569a16, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xb1d3, dwReserved0=0x0, dwReserved1=0xfa, cFileName="QH2yTaFyQ15m.ots", cAlternateFileName="QH2YTA~1.OTS")) returned 1 [0144.989] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.989] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.989] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.989] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.990] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.990] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8KT1V6XMJnk5nR_vJ-\\QH2yTaFyQ15m.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8kt1v6xmjnk5nr_vj-\\qh2ytafyq15m.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0144.990] GetFileType (hFile=0x278) returned 0x1 [0144.990] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=45523) returned 1 [0144.990] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=45523) returned 1 [0144.990] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.990] ReadFile (in: hFile=0x278, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.991] CloseHandle (hObject=0x278) returned 1 [0144.991] FindNextFileW (in: hFindFile=0x5cfae0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947a8620, ftCreationTime.dwHighDateTime=0x1d93215, ftLastAccessTime.dwLowDateTime=0x113b480, ftLastAccessTime.dwHighDateTime=0x1d93263, ftLastWriteTime.dwLowDateTime=0x7d7107bb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1a9ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="t XodtQj3D.odt", cAlternateFileName="TXODTQ~1.ODT")) returned 1 [0144.991] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.991] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.991] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.991] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.991] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0144.991] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0144.992] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8KT1V6XMJnk5nR_vJ-\\t XodtQj3D.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8kt1v6xmjnk5nr_vj-\\t xodtqj3d.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x278 [0144.992] GetFileType (hFile=0x278) returned 0x1 [0144.992] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=109036) returned 1 [0144.992] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=109036) returned 1 [0144.992] SetFilePointerEx (in: hFile=0x278, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0144.992] ReadFile (in: hFile=0x278, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0144.992] CloseHandle (hObject=0x278) returned 1 [0144.993] FindNextFileW (in: hFindFile=0x5cfae0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.993] GetLastError () returned 0x12 [0144.993] GetLastError () returned 0x12 [0144.993] SetLastError (dwErrCode=0x12) [0144.993] FindClose (in: hFindFile=0x5cfae0 | out: hFindFile=0x5cfae0) returned 1 [0144.993] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b2ebb70, ftCreationTime.dwHighDateTime=0x1d8ace9, ftLastAccessTime.dwLowDateTime=0x5349f270, ftLastAccessTime.dwHighDateTime=0x1d93347, ftLastWriteTime.dwLowDateTime=0x7d75e0b5, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xf80e, dwReserved0=0x0, dwReserved1=0x0, cFileName="9adZsO.xlsx", cAlternateFileName="9ADZSO~1.XLS")) returned 1 [0144.993] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.993] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.993] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.993] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.993] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.993] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.994] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\9adZsO.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\9adzso.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.994] GetFileType (hFile=0x21c) returned 0x1 [0144.994] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=63502) returned 1 [0144.994] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=63502) returned 1 [0144.994] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.994] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xf80e) returned 0x615910 [0144.994] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0xf000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0xf000, lpOverlapped=0x0) returned 1 [0144.995] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0144.995] ReadFile (in: hFile=0x21c, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0x80e, lpOverlapped=0x0) returned 1 [0144.995] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0144.995] CloseHandle (hObject=0x21c) returned 1 [0144.996] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.996] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65695590, ftCreationTime.dwHighDateTime=0x1d8f90e, ftLastAccessTime.dwLowDateTime=0x5f0e2f70, ftLastAccessTime.dwHighDateTime=0x1d8fdb6, ftLastWriteTime.dwLowDateTime=0x7d921b78, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1352e, dwReserved0=0x0, dwReserved1=0x0, cFileName="aJADt6bVVwkuva.pptx", cAlternateFileName="AJADT6~1.PPT")) returned 1 [0144.996] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.996] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.996] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.996] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.996] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.996] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.997] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\aJADt6bVVwkuva.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajadt6bvvwkuva.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0144.997] GetFileType (hFile=0x21c) returned 0x1 [0144.997] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=79150) returned 1 [0144.997] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=79150) returned 1 [0144.997] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0144.997] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x1352e) returned 0x615910 [0144.997] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0x13000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x13000, lpOverlapped=0x0) returned 1 [0144.998] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0144.998] ReadFile (in: hFile=0x21c, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0x52e, lpOverlapped=0x0) returned 1 [0144.998] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0144.998] CloseHandle (hObject=0x21c) returned 1 [0144.999] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0144.999] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7d96e03a, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x52a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.999] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.999] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0144.999] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0144.999] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.000] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.000] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.000] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0145.000] GetFileType (hFile=0x21c) returned 0x1 [0145.000] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21152) returned 1 [0145.000] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21152) returned 1 [0145.000] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.000] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.001] CloseHandle (hObject=0x21c) returned 1 [0145.001] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21fef5e0, ftCreationTime.dwHighDateTime=0x1d8accd, ftLastAccessTime.dwLowDateTime=0xe38ce010, ftLastAccessTime.dwHighDateTime=0x1d8af29, ftLastWriteTime.dwLowDateTime=0x7da792af, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1811e, dwReserved0=0x0, dwReserved1=0x0, cFileName="dPfH.xlsx", cAlternateFileName="DPFH~1.XLS")) returned 1 [0145.001] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.001] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.001] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.001] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.001] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.001] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.002] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\dPfH.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\dpfh.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0145.002] GetFileType (hFile=0x21c) returned 0x1 [0145.002] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=98590) returned 1 [0145.002] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=98590) returned 1 [0145.002] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.002] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x1811e) returned 0x615910 [0145.002] ReadFile (in: hFile=0x21c, lpBuffer=0x615910, nNumberOfBytesToRead=0x18000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x18000, lpOverlapped=0x0) returned 1 [0145.003] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6032f0 [0145.003] ReadFile (in: hFile=0x21c, lpBuffer=0x6032f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x6032f0*, lpNumberOfBytesRead=0xcbda88*=0x11e, lpOverlapped=0x0) returned 1 [0145.004] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6032f0 | out: hHeap=0x5c0000) returned 1 [0145.004] CloseHandle (hObject=0x21c) returned 1 [0145.005] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.099] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7b20440, ftCreationTime.dwHighDateTime=0x1d92b54, ftLastAccessTime.dwLowDateTime=0x2afe0470, ftLastAccessTime.dwHighDateTime=0x1d93462, ftLastWriteTime.dwLowDateTime=0x7db11945, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x11a60, dwReserved0=0x0, dwReserved1=0x0, cFileName="gIrC80297sFhHoMM1Ql3.pps", cAlternateFileName="GIRC80~1.PPS")) returned 1 [0145.100] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.100] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.100] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.100] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.100] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.100] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.100] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\gIrC80297sFhHoMM1Ql3.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\girc80297sfhhomm1ql3.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0145.101] GetFileType (hFile=0x21c) returned 0x1 [0145.101] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=72288) returned 1 [0145.101] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=72288) returned 1 [0145.101] SetFilePointerEx (in: hFile=0x21c, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.101] ReadFile (in: hFile=0x21c, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.102] CloseHandle (hObject=0x21c) returned 1 [0145.102] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb8bedc0, ftCreationTime.dwHighDateTime=0x1d91de6, ftLastAccessTime.dwLowDateTime=0x2e791e20, ftLastAccessTime.dwHighDateTime=0x1d93104, ftLastWriteTime.dwLowDateTime=0x7db37c1b, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x856e, dwReserved0=0x0, dwReserved1=0x0, cFileName="i- aInfNn8gwF6sT2ZSD.docx", cAlternateFileName="I-AINF~1.DOC")) returned 1 [0145.102] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.102] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.102] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.102] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.102] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.102] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\i- aInfNn8gwF6sT2ZSD.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i- ainfnn8gwf6st2zsd.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.116] GetFileType (hFile=0x290) returned 0x1 [0145.116] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=34158) returned 1 [0145.116] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=34158) returned 1 [0145.116] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.116] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x856e) returned 0x615910 [0145.116] ReadFile (in: hFile=0x290, lpBuffer=0x615910, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x8000, lpOverlapped=0x0) returned 1 [0145.116] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0145.117] ReadFile (in: hFile=0x290, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0x56e, lpOverlapped=0x0) returned 1 [0145.117] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0145.117] CloseHandle (hObject=0x290) returned 1 [0145.118] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.118] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43787560, ftCreationTime.dwHighDateTime=0x1d91538, ftLastAccessTime.dwLowDateTime=0x23b811a0, ftLastAccessTime.dwHighDateTime=0x1d917b7, ftLastWriteTime.dwLowDateTime=0x7db5ed67, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xe5e, dwReserved0=0x0, dwReserved1=0x0, cFileName="i1cfxv.pptx", cAlternateFileName="I1CFXV~1.PPT")) returned 1 [0145.118] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.118] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.118] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.118] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.118] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.118] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.118] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\i1cfxv.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\i1cfxv.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.119] GetFileType (hFile=0x290) returned 0x1 [0145.119] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=3678) returned 1 [0145.119] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=3678) returned 1 [0145.119] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.119] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xe5e) returned 0x615910 [0145.119] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60a360 [0145.119] ReadFile (in: hFile=0x290, lpBuffer=0x60a360, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x60a360*, lpNumberOfBytesRead=0xcbda88*=0xe5e, lpOverlapped=0x0) returned 1 [0145.120] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60a360 | out: hHeap=0x5c0000) returned 1 [0145.120] CloseHandle (hObject=0x290) returned 1 [0145.120] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.120] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e547c00, ftCreationTime.dwHighDateTime=0x1d9295e, ftLastAccessTime.dwLowDateTime=0xcf6a6660, ftLastAccessTime.dwHighDateTime=0x1d92cc0, ftLastWriteTime.dwLowDateTime=0xcf6a6660, ftLastWriteTime.dwHighDateTime=0x1d92cc0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JMnxWVH_VkEeY JKK9", cAlternateFileName="JMNXWV~1")) returned 1 [0145.120] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.120] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.121] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.121] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.121] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.121] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.121] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5cfa20 [0145.121] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.121] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.121] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.121] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.121] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.121] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.121] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5e547c00, ftCreationTime.dwHighDateTime=0x1d9295e, ftLastAccessTime.dwLowDateTime=0xcf6a6660, ftLastAccessTime.dwHighDateTime=0x1d92cc0, ftLastWriteTime.dwLowDateTime=0xcf6a6660, ftLastWriteTime.dwHighDateTime=0x1d92cc0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x35, cFileName="..", cAlternateFileName="")) returned 1 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.122] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6124cb0, ftCreationTime.dwHighDateTime=0x1d92842, ftLastAccessTime.dwLowDateTime=0x17bbcc00, ftLastAccessTime.dwHighDateTime=0x1d933de, ftLastWriteTime.dwLowDateTime=0x17bbcc00, ftLastWriteTime.dwHighDateTime=0x1d933de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x35, cFileName="3vwP7Ny7F0uOf", cAlternateFileName="3VWP7N~1")) returned 1 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.122] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\3vwP7Ny7F0uOf\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\3vwp7ny7f0uof\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x5cff00 [0145.122] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.122] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa6124cb0, ftCreationTime.dwHighDateTime=0x1d92842, ftLastAccessTime.dwLowDateTime=0x17bbcc00, ftLastAccessTime.dwHighDateTime=0x1d933de, ftLastWriteTime.dwLowDateTime=0x17bbcc00, ftLastWriteTime.dwHighDateTime=0x1d933de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75bca160, ftCreationTime.dwHighDateTime=0x1d92e09, ftLastAccessTime.dwLowDateTime=0x7b137940, ftLastAccessTime.dwHighDateTime=0x1d930e8, ftLastWriteTime.dwLowDateTime=0x7db5ed67, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x52de, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="2ejGWQ2Q1PK.csv", cAlternateFileName="2EJGWQ~1.CSV")) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.123] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.123] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.124] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.124] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\3vwP7Ny7F0uOf\\2ejGWQ2Q1PK.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\3vwp7ny7f0uof\\2ejgwq2q1pk.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.124] GetFileType (hFile=0x28c) returned 0x1 [0145.124] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=21214) returned 1 [0145.124] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=21214) returned 1 [0145.124] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.124] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x52de) returned 0x615910 [0145.124] ReadFile (in: hFile=0x28c, lpBuffer=0x615910, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbc918*=0x5000, lpOverlapped=0x0) returned 1 [0145.125] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60b370 [0145.125] ReadFile (in: hFile=0x28c, lpBuffer=0x60b370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x60b370*, lpNumberOfBytesRead=0xcbc8a8*=0x2de, lpOverlapped=0x0) returned 1 [0145.125] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60b370 | out: hHeap=0x5c0000) returned 1 [0145.125] CloseHandle (hObject=0x28c) returned 1 [0145.126] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.126] FindNextFileW (in: hFindFile=0x5cff00, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x26001b3d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.126] GetLastError () returned 0x12 [0145.126] GetLastError () returned 0x12 [0145.126] SetLastError (dwErrCode=0x12) [0145.126] FindClose (in: hFindFile=0x5cff00 | out: hFindFile=0x5cff00) returned 1 [0145.126] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x931f3210, ftCreationTime.dwHighDateTime=0x1d928e4, ftLastAccessTime.dwLowDateTime=0xc97d1cb0, ftLastAccessTime.dwHighDateTime=0x1d92c17, ftLastWriteTime.dwLowDateTime=0x7dcb6388, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xe1de, dwReserved0=0x0, dwReserved1=0x35, cFileName="eKSamG4h.csv", cAlternateFileName="")) returned 1 [0145.126] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.126] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.127] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.127] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.127] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.127] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.127] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\eKSamG4h.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\eksamg4h.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0145.127] GetFileType (hFile=0x288) returned 0x1 [0145.127] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=57822) returned 1 [0145.127] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=57822) returned 1 [0145.127] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0145.127] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xe1de) returned 0x615910 [0145.128] ReadFile (in: hFile=0x288, lpBuffer=0x615910, nNumberOfBytesToRead=0xe000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbd208*=0xe000, lpOverlapped=0x0) returned 1 [0145.128] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6032f0 [0145.128] ReadFile (in: hFile=0x288, lpBuffer=0x6032f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x6032f0*, lpNumberOfBytesRead=0xcbd198*=0x1de, lpOverlapped=0x0) returned 1 [0145.128] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6032f0 | out: hHeap=0x5c0000) returned 1 [0145.128] CloseHandle (hObject=0x288) returned 1 [0145.129] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.129] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7a891e0, ftCreationTime.dwHighDateTime=0x1d9316f, ftLastAccessTime.dwLowDateTime=0xdeaab870, ftLastAccessTime.dwHighDateTime=0x1d93290, ftLastWriteTime.dwLowDateTime=0xdeaab870, ftLastWriteTime.dwHighDateTime=0x1d93290, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fagweFCcJWoKDe1Q", cAlternateFileName="FAGWEF~1")) returned 1 [0145.129] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.129] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.129] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.129] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.130] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.130] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.130] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x5d05c0 [0145.130] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.130] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.130] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.130] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.130] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.130] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.130] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7a891e0, ftCreationTime.dwHighDateTime=0x1d9316f, ftLastAccessTime.dwLowDateTime=0xdeaab870, ftLastAccessTime.dwHighDateTime=0x1d93290, ftLastWriteTime.dwLowDateTime=0xdeaab870, ftLastWriteTime.dwHighDateTime=0x1d93290, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.130] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.130] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.131] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.131] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.131] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.131] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.131] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x556fc3a0, ftCreationTime.dwHighDateTime=0x1d932ce, ftLastAccessTime.dwLowDateTime=0xeda44f0, ftLastAccessTime.dwHighDateTime=0x1d9361c, ftLastWriteTime.dwLowDateTime=0x7dcdb5e0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xb49e, dwReserved0=0x0, dwReserved1=0x0, cFileName="9k0JJ5Y1erJl.csv", cAlternateFileName="9K0JJ5~1.CSV")) returned 1 [0145.131] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.131] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.131] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.131] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.131] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.131] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.131] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\9k0JJ5Y1erJl.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\9k0jj5y1erjl.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.131] GetFileType (hFile=0x28c) returned 0x1 [0145.132] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=46238) returned 1 [0145.132] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=46238) returned 1 [0145.132] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.132] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xb49e) returned 0x615910 [0145.132] ReadFile (in: hFile=0x28c, lpBuffer=0x615910, nNumberOfBytesToRead=0xb000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbc918*=0xb000, lpOverlapped=0x0) returned 1 [0145.132] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60b370 [0145.132] ReadFile (in: hFile=0x28c, lpBuffer=0x60b370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x60b370*, lpNumberOfBytesRead=0xcbc8a8*=0x49e, lpOverlapped=0x0) returned 1 [0145.133] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60b370 | out: hHeap=0x5c0000) returned 1 [0145.133] CloseHandle (hObject=0x28c) returned 1 [0145.133] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.133] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbeb6bda0, ftCreationTime.dwHighDateTime=0x1d92ab3, ftLastAccessTime.dwLowDateTime=0x63aeb9a0, ftLastAccessTime.dwHighDateTime=0x1d930fb, ftLastWriteTime.dwLowDateTime=0x7dd27a1f, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x6cae, dwReserved0=0x0, dwReserved1=0x0, cFileName="CnmZgLgajw2D.pdf", cAlternateFileName="CNMZGL~1.PDF")) returned 1 [0145.134] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.134] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.134] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.134] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.134] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.134] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.134] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\CnmZgLgajw2D.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\cnmzglgajw2d.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.134] GetFileType (hFile=0x28c) returned 0x1 [0145.134] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=27822) returned 1 [0145.134] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=27822) returned 1 [0145.135] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.135] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x6cae) returned 0x615910 [0145.135] ReadFile (in: hFile=0x28c, lpBuffer=0x615910, nNumberOfBytesToRead=0x6000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbc918*=0x6000, lpOverlapped=0x0) returned 1 [0145.135] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x604300 [0145.135] ReadFile (in: hFile=0x28c, lpBuffer=0x604300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x604300*, lpNumberOfBytesRead=0xcbc8a8*=0xcae, lpOverlapped=0x0) returned 1 [0145.136] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x604300 | out: hHeap=0x5c0000) returned 1 [0145.136] CloseHandle (hObject=0x28c) returned 1 [0145.136] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.136] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd53e17e0, ftCreationTime.dwHighDateTime=0x1d92e09, ftLastAccessTime.dwLowDateTime=0x1f900f80, ftLastAccessTime.dwHighDateTime=0x1d92f34, ftLastWriteTime.dwLowDateTime=0x7dd4dd2e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xffde, dwReserved0=0x0, dwReserved1=0x0, cFileName="F4SU660iGO.pps", cAlternateFileName="F4SU66~1.PPS")) returned 1 [0145.136] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.136] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.136] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.136] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.137] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.137] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.137] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\F4SU660iGO.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\f4su660igo.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.137] GetFileType (hFile=0x28c) returned 0x1 [0145.137] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=65502) returned 1 [0145.137] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=65502) returned 1 [0145.137] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.137] ReadFile (in: hFile=0x28c, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.138] CloseHandle (hObject=0x28c) returned 1 [0145.138] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd030f1c0, ftCreationTime.dwHighDateTime=0x1d9293e, ftLastAccessTime.dwLowDateTime=0x41246490, ftLastAccessTime.dwHighDateTime=0x1d93437, ftLastWriteTime.dwLowDateTime=0x7ddc0433, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xacde, dwReserved0=0x0, dwReserved1=0x0, cFileName="fn-0 d2Jap.xls", cAlternateFileName="FN-0D2~1.XLS")) returned 1 [0145.138] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.138] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.138] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.138] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.138] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.138] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.138] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\fagweFCcJWoKDe1Q\\fn-0 d2Jap.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\fagwefccjwokde1q\\fn-0 d2jap.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.139] GetFileType (hFile=0x28c) returned 0x1 [0145.139] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=44254) returned 1 [0145.139] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=44254) returned 1 [0145.139] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.139] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xacde) returned 0x615910 [0145.139] ReadFile (in: hFile=0x28c, lpBuffer=0x615910, nNumberOfBytesToRead=0xa000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbc918*=0xa000, lpOverlapped=0x0) returned 1 [0145.139] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x60b370 [0145.139] ReadFile (in: hFile=0x28c, lpBuffer=0x60b370, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x60b370*, lpNumberOfBytesRead=0xcbc8a8*=0xcde, lpOverlapped=0x0) returned 1 [0145.140] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x60b370 | out: hHeap=0x5c0000) returned 1 [0145.140] CloseHandle (hObject=0x28c) returned 1 [0145.141] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.141] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x8800159d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.141] GetLastError () returned 0x12 [0145.141] GetLastError () returned 0x12 [0145.141] SetLastError (dwErrCode=0x12) [0145.141] FindClose (in: hFindFile=0x5d05c0 | out: hFindFile=0x5d05c0) returned 1 [0145.141] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0706b00, ftCreationTime.dwHighDateTime=0x1d92835, ftLastAccessTime.dwLowDateTime=0x1f27a210, ftLastAccessTime.dwHighDateTime=0x1d92994, ftLastWriteTime.dwLowDateTime=0x7dde6668, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="hXnTSJr.odp", cAlternateFileName="")) returned 1 [0145.141] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.141] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.141] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.142] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.142] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.142] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.142] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\hXnTSJr.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\hxntsjr.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0145.142] GetFileType (hFile=0x288) returned 0x1 [0145.142] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=94132) returned 1 [0145.142] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=94132) returned 1 [0145.143] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.143] ReadFile (in: hFile=0x288, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.143] CloseHandle (hObject=0x288) returned 1 [0145.143] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66776650, ftCreationTime.dwHighDateTime=0x1d92af7, ftLastAccessTime.dwLowDateTime=0x678d4a30, ftLastAccessTime.dwHighDateTime=0x1d93139, ftLastWriteTime.dwLowDateTime=0x7de0c95b, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x95de, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vh2glqLH1V.xls", cAlternateFileName="VH2GLQ~1.XLS")) returned 1 [0145.143] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.144] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.144] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.144] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.144] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.144] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.144] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\Vh2glqLH1V.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\vh2glqlh1v.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0145.144] GetFileType (hFile=0x288) returned 0x1 [0145.145] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=38366) returned 1 [0145.145] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=38366) returned 1 [0145.145] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0145.145] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x95de) returned 0x615910 [0145.145] ReadFile (in: hFile=0x288, lpBuffer=0x615910, nNumberOfBytesToRead=0x9000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbd208*=0x9000, lpOverlapped=0x0) returned 1 [0145.146] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x6032f0 [0145.146] ReadFile (in: hFile=0x288, lpBuffer=0x6032f0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x6032f0*, lpNumberOfBytesRead=0xcbd198*=0x5de, lpOverlapped=0x0) returned 1 [0145.147] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x6032f0 | out: hHeap=0x5c0000) returned 1 [0145.147] CloseHandle (hObject=0x288) returned 1 [0145.148] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.148] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47fd1d10, ftCreationTime.dwHighDateTime=0x1d92df8, ftLastAccessTime.dwLowDateTime=0xfcfb8530, ftLastAccessTime.dwHighDateTime=0x1d92e25, ftLastWriteTime.dwLowDateTime=0xfcfb8530, ftLastWriteTime.dwHighDateTime=0x1d92e25, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="W5M-", cAlternateFileName="")) returned 1 [0145.148] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.148] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.148] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.148] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.148] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.148] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.148] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x5d05c0 [0145.149] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.149] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.149] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.149] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47fd1d10, ftCreationTime.dwHighDateTime=0x1d92df8, ftLastAccessTime.dwLowDateTime=0xfcfb8530, ftLastAccessTime.dwHighDateTime=0x1d92e25, ftLastWriteTime.dwLowDateTime=0xfcfb8530, ftLastWriteTime.dwHighDateTime=0x1d92e25, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.149] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.149] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.149] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.149] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.150] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xebed6660, ftCreationTime.dwHighDateTime=0x1d93329, ftLastAccessTime.dwLowDateTime=0x5c56e9c0, ftLastAccessTime.dwHighDateTime=0x1d93600, ftLastWriteTime.dwLowDateTime=0x7de58dd0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16cee, dwReserved0=0x0, dwReserved1=0x0, cFileName="gMxI3jBTRFbiX9pWbXu.docx", cAlternateFileName="GMXI3J~1.DOC")) returned 1 [0145.150] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.150] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.150] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.150] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.150] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.150] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.150] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\gMxI3jBTRFbiX9pWbXu.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\gmxi3jbtrfbix9pwbxu.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.150] GetFileType (hFile=0x28c) returned 0x1 [0145.151] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=93422) returned 1 [0145.151] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=93422) returned 1 [0145.151] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.151] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x16cee) returned 0x615910 [0145.151] ReadFile (in: hFile=0x28c, lpBuffer=0x615910, nNumberOfBytesToRead=0x16000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbc918*=0x16000, lpOverlapped=0x0) returned 1 [0145.213] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62e680 [0145.213] ReadFile (in: hFile=0x28c, lpBuffer=0x62e680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x62e680*, lpNumberOfBytesRead=0xcbc8a8*=0xcee, lpOverlapped=0x0) returned 1 [0145.214] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62e680 | out: hHeap=0x5c0000) returned 1 [0145.214] CloseHandle (hObject=0x28c) returned 1 [0145.216] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.218] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90afc370, ftCreationTime.dwHighDateTime=0x1d9353f, ftLastAccessTime.dwLowDateTime=0x10ae90d0, ftLastAccessTime.dwHighDateTime=0x1d9354d, ftLastWriteTime.dwLowDateTime=0x7de7eff0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x19750, dwReserved0=0x0, dwReserved1=0x0, cFileName="MxzwvznxGUpfEWUPt7.odt", cAlternateFileName="MXZWVZ~1.ODT")) returned 1 [0145.218] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.218] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.218] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.218] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.218] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.218] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.218] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\MxzwvznxGUpfEWUPt7.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\mxzwvznxgupfewupt7.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.219] GetFileType (hFile=0x28c) returned 0x1 [0145.219] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=104272) returned 1 [0145.219] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=104272) returned 1 [0145.219] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.219] ReadFile (in: hFile=0x28c, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.220] CloseHandle (hObject=0x28c) returned 1 [0145.220] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9314a6f0, ftCreationTime.dwHighDateTime=0x1d92ba6, ftLastAccessTime.dwLowDateTime=0xd660a5e0, ftLastAccessTime.dwHighDateTime=0x1d92dbc, ftLastWriteTime.dwLowDateTime=0x7de7eff0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x247e, dwReserved0=0x0, dwReserved1=0x0, cFileName="RkyCu.xls", cAlternateFileName="")) returned 1 [0145.220] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.220] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.220] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.220] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.221] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.221] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.221] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\RkyCu.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\rkycu.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.221] GetFileType (hFile=0x28c) returned 0x1 [0145.221] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=9342) returned 1 [0145.221] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=9342) returned 1 [0145.222] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.222] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x247e) returned 0x64c620 [0145.222] ReadFile (in: hFile=0x28c, lpBuffer=0x64c620, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x64c620*, lpNumberOfBytesRead=0xcbc918*=0x2000, lpOverlapped=0x0) returned 1 [0145.222] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62e680 [0145.222] ReadFile (in: hFile=0x28c, lpBuffer=0x62e680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x62e680*, lpNumberOfBytesRead=0xcbc8a8*=0x47e, lpOverlapped=0x0) returned 1 [0145.223] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62e680 | out: hHeap=0x5c0000) returned 1 [0145.225] CloseHandle (hObject=0x28c) returned 1 [0145.226] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x64c620 | out: hHeap=0x5c0000) returned 1 [0145.226] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76233320, ftCreationTime.dwHighDateTime=0x1d930c1, ftLastAccessTime.dwLowDateTime=0x5e6e5cc0, ftLastAccessTime.dwHighDateTime=0x1d934bb, ftLastWriteTime.dwLowDateTime=0x7e04a037, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1180e, dwReserved0=0x0, dwReserved1=0x0, cFileName="xsz6r2s1m.pdf", cAlternateFileName="XSZ6R2~1.PDF")) returned 1 [0145.226] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.226] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.226] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.226] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.227] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.227] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.227] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\W5M-\\xsz6r2s1m.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\w5m-\\xsz6r2s1m.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbc818, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0145.227] GetFileType (hFile=0x28c) returned 0x1 [0145.227] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbc9a8*=71694) returned 1 [0145.227] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc958, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbc958*=71694) returned 1 [0145.228] SetFilePointerEx (in: hFile=0x28c, liDistanceToMove=0x0, lpNewFilePointer=0xcbc9a8, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbc9a8*=0) returned 1 [0145.228] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x1180e) returned 0x615910 [0145.230] ReadFile (in: hFile=0x28c, lpBuffer=0x615910, nNumberOfBytesToRead=0x11000, lpNumberOfBytesRead=0xcbc918, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbc918*=0x11000, lpOverlapped=0x0) returned 1 [0145.231] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62c660 [0145.231] ReadFile (in: hFile=0x28c, lpBuffer=0x62c660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbc8a8, lpOverlapped=0x0 | out: lpBuffer=0x62c660*, lpNumberOfBytesRead=0xcbc8a8*=0x80e, lpOverlapped=0x0) returned 1 [0145.232] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62c660 | out: hHeap=0x5c0000) returned 1 [0145.232] CloseHandle (hObject=0x28c) returned 1 [0145.234] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.235] FindNextFileW (in: hFindFile=0x5d05c0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x4b00054e, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.235] GetLastError () returned 0x12 [0145.235] GetLastError () returned 0x12 [0145.235] SetLastError (dwErrCode=0x12) [0145.235] FindClose (in: hFindFile=0x5d05c0 | out: hFindFile=0x5d05c0) returned 1 [0145.235] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a1e3230, ftCreationTime.dwHighDateTime=0x1d92d64, ftLastAccessTime.dwLowDateTime=0x1bd72fd0, ftLastAccessTime.dwHighDateTime=0x1d92e7c, ftLastWriteTime.dwLowDateTime=0x7e0950a9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x6020, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8N8SHV2.ots", cAlternateFileName="")) returned 1 [0145.235] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.235] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.235] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.235] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.236] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.236] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.236] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JMnxWVH_VkEeY JKK9\\y8N8SHV2.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jmnxwvh_vkeey jkk9\\y8n8shv2.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0145.236] GetFileType (hFile=0x288) returned 0x1 [0145.236] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=24608) returned 1 [0145.236] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=24608) returned 1 [0145.237] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.237] ReadFile (in: hFile=0x288, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.237] CloseHandle (hObject=0x288) returned 1 [0145.237] FindNextFileW (in: hFindFile=0x5cfa20, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.237] GetLastError () returned 0x12 [0145.237] GetLastError () returned 0x12 [0145.238] SetLastError (dwErrCode=0x12) [0145.238] FindClose (in: hFindFile=0x5cfa20 | out: hFindFile=0x5cfa20) returned 1 [0145.238] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3e1a810, ftCreationTime.dwHighDateTime=0x1d92941, ftLastAccessTime.dwLowDateTime=0xc5349a80, ftLastAccessTime.dwHighDateTime=0x1d92cfc, ftLastWriteTime.dwLowDateTime=0x7e0950a9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xfbaa, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="lxly.ots", cAlternateFileName="")) returned 1 [0145.238] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.238] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.238] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.238] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.238] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.238] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.238] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\lxly.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lxly.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.239] GetFileType (hFile=0x290) returned 0x1 [0145.239] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=64426) returned 1 [0145.239] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=64426) returned 1 [0145.239] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.240] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.240] CloseHandle (hObject=0x290) returned 1 [0145.240] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0145.240] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.240] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.240] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.240] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.241] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.241] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.241] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0xffffffffffffffff [0145.241] GetLastError () returned 0x5 [0145.241] GetLastError () returned 0x5 [0145.241] SetLastError (dwErrCode=0x5) [0145.241] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0145.241] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.241] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.241] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.241] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.241] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.241] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.242] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0xffffffffffffffff [0145.242] GetLastError () returned 0x5 [0145.242] GetLastError () returned 0x5 [0145.242] SetLastError (dwErrCode=0x5) [0145.242] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0145.242] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.242] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.242] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.242] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.242] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.242] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.242] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\my videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0xffffffffffffffff [0145.242] GetLastError () returned 0x5 [0145.242] GetLastError () returned 0x5 [0145.242] SetLastError (dwErrCode=0x5) [0145.243] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x839084fb, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x886727b4, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0145.243] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.243] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.243] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.243] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.243] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.243] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.243] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5cf960 [0145.243] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.243] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.243] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.243] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.244] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x839084fb, ftLastAccessTime.dwHighDateTime=0x1d8a651, ftLastWriteTime.dwLowDateTime=0x886727b4, ftLastWriteTime.dwHighDateTime=0x1d8a651, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.244] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.244] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.244] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x7e0e1469, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x47510, dwReserved0=0x0, dwReserved1=0x0, cFileName="achoo@gdllo.de.pst", cAlternateFileName="ACHOO@~1.PST")) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.244] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.244] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.244] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.245] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.245] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x288 [0145.245] GetFileType (hFile=0x288) returned 0x1 [0145.245] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=292112) returned 1 [0145.245] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=292112) returned 1 [0145.245] SetFilePointerEx (in: hFile=0x288, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.246] ReadFile (in: hFile=0x288, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.246] CloseHandle (hObject=0x288) returned 1 [0145.246] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.246] GetLastError () returned 0x12 [0145.246] GetLastError () returned 0x12 [0145.246] SetLastError (dwErrCode=0x12) [0145.246] FindClose (in: hFindFile=0x5cf960 | out: hFindFile=0x5cf960) returned 1 [0145.246] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99eef280, ftCreationTime.dwHighDateTime=0x1d8f124, ftLastAccessTime.dwLowDateTime=0x910f0530, ftLastAccessTime.dwHighDateTime=0x1d90220, ftLastWriteTime.dwLowDateTime=0x7e180209, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x14a9e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PzvzVyFhA-dtE.docx", cAlternateFileName="PZVZVY~1.DOC")) returned 1 [0145.247] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.247] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.247] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.247] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.247] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.247] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.247] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\PzvzVyFhA-dtE.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\pzvzvyfha-dte.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.247] GetFileType (hFile=0x290) returned 0x1 [0145.247] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=84638) returned 1 [0145.248] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=84638) returned 1 [0145.248] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.248] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x14a9e) returned 0x615910 [0145.250] ReadFile (in: hFile=0x290, lpBuffer=0x615910, nNumberOfBytesToRead=0x14000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0x14000, lpOverlapped=0x0) returned 1 [0145.289] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62c660 [0145.289] ReadFile (in: hFile=0x290, lpBuffer=0x62c660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x62c660*, lpNumberOfBytesRead=0xcbda88*=0xa9e, lpOverlapped=0x0) returned 1 [0145.290] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62c660 | out: hHeap=0x5c0000) returned 1 [0145.290] CloseHandle (hObject=0x290) returned 1 [0145.292] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.292] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f32f10, ftCreationTime.dwHighDateTime=0x1d8f703, ftLastAccessTime.dwLowDateTime=0x27d19680, ftLastAccessTime.dwHighDateTime=0x1d8ff16, ftLastWriteTime.dwLowDateTime=0x7e1c6395, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xefde, dwReserved0=0x0, dwReserved1=0x0, cFileName="SCTYy9mjk3.docx", cAlternateFileName="SCTYY9~1.DOC")) returned 1 [0145.293] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.293] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.293] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.293] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.293] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.293] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.293] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\SCTYy9mjk3.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sctyy9mjk3.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.293] GetFileType (hFile=0x290) returned 0x1 [0145.293] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=61406) returned 1 [0145.294] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=61406) returned 1 [0145.294] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.294] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0xefde) returned 0x615910 [0145.295] ReadFile (in: hFile=0x290, lpBuffer=0x615910, nNumberOfBytesToRead=0xe000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x615910*, lpNumberOfBytesRead=0xcbdaf8*=0xe000, lpOverlapped=0x0) returned 1 [0145.296] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62c660 [0145.296] ReadFile (in: hFile=0x290, lpBuffer=0x62c660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x62c660*, lpNumberOfBytesRead=0xcbda88*=0xfde, lpOverlapped=0x0) returned 1 [0145.296] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62c660 | out: hHeap=0x5c0000) returned 1 [0145.297] CloseHandle (hObject=0x290) returned 1 [0145.298] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x615910 | out: hHeap=0x5c0000) returned 1 [0145.298] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5575a530, ftCreationTime.dwHighDateTime=0x1d8d064, ftLastAccessTime.dwLowDateTime=0x9226fc30, ftLastAccessTime.dwHighDateTime=0x1d8e163, ftLastWriteTime.dwLowDateTime=0x7e2389d3, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x6f8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="sswTI.pptx", cAlternateFileName="SSWTI~1.PPT")) returned 1 [0145.298] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.298] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.298] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.298] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.298] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.298] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.298] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sswTI.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sswti.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.299] GetFileType (hFile=0x290) returned 0x1 [0145.299] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=28558) returned 1 [0145.299] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=28558) returned 1 [0145.299] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.299] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x6f8e) returned 0x64ce30 [0145.300] ReadFile (in: hFile=0x290, lpBuffer=0x64ce30, nNumberOfBytesToRead=0x6000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x64ce30*, lpNumberOfBytesRead=0xcbdaf8*=0x6000, lpOverlapped=0x0) returned 1 [0145.301] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62e680 [0145.301] ReadFile (in: hFile=0x290, lpBuffer=0x62e680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x62e680*, lpNumberOfBytesRead=0xcbda88*=0xf8e, lpOverlapped=0x0) returned 1 [0145.302] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62e680 | out: hHeap=0x5c0000) returned 1 [0145.303] CloseHandle (hObject=0x290) returned 1 [0145.305] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x64ce30 | out: hHeap=0x5c0000) returned 1 [0145.305] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf301980, ftCreationTime.dwHighDateTime=0x1d92f79, ftLastAccessTime.dwLowDateTime=0x28fecb60, ftLastAccessTime.dwHighDateTime=0x1d93399, ftLastWriteTime.dwLowDateTime=0x28fecb60, ftLastWriteTime.dwHighDateTime=0x1d93399, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Uu2MHcR ne4f5 jN", cAlternateFileName="UU2MHC~1")) returned 1 [0145.305] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.305] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.305] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.305] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.305] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.305] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.305] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5cf960 [0145.306] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.306] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.306] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.306] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.306] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.306] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.306] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf301980, ftCreationTime.dwHighDateTime=0x1d92f79, ftLastAccessTime.dwLowDateTime=0x28fecb60, ftLastAccessTime.dwHighDateTime=0x1d93399, ftLastWriteTime.dwLowDateTime=0x28fecb60, ftLastWriteTime.dwHighDateTime=0x1d93399, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x9, cFileName="..", cAlternateFileName="")) returned 1 [0145.306] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.306] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.306] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.306] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.307] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.307] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.307] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4826ae20, ftCreationTime.dwHighDateTime=0x1d93166, ftLastAccessTime.dwLowDateTime=0xe63553f0, ftLastAccessTime.dwHighDateTime=0x1d934e5, ftLastWriteTime.dwLowDateTime=0x7e25ecea, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x19333, dwReserved0=0x0, dwReserved1=0x9, cFileName="ejbo2.odt", cAlternateFileName="")) returned 1 [0145.307] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.307] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.307] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.307] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.307] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.307] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.307] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\ejbo2.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\ejbo2.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0145.308] GetFileType (hFile=0x300) returned 0x1 [0145.308] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=103219) returned 1 [0145.308] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=103219) returned 1 [0145.308] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.308] ReadFile (in: hFile=0x300, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.309] CloseHandle (hObject=0x300) returned 1 [0145.309] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f957c0, ftCreationTime.dwHighDateTime=0x1d927cb, ftLastAccessTime.dwLowDateTime=0x54879b00, ftLastAccessTime.dwHighDateTime=0x1d92e43, ftLastWriteTime.dwLowDateTime=0x7e2854b0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x19d4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NGki7I1lYyPGQLmPou.ots", cAlternateFileName="NGKI7I~1.OTS")) returned 1 [0145.309] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.309] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.309] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.309] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.309] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.309] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.310] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\NGki7I1lYyPGQLmPou.ots" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\ngki7i1lyypgqlmpou.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0145.310] GetFileType (hFile=0x300) returned 0x1 [0145.310] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=105805) returned 1 [0145.310] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=105805) returned 1 [0145.310] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.311] ReadFile (in: hFile=0x300, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.311] CloseHandle (hObject=0x300) returned 1 [0145.311] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2473dbd0, ftCreationTime.dwHighDateTime=0x1d92642, ftLastAccessTime.dwLowDateTime=0x15a08f30, ftLastAccessTime.dwHighDateTime=0x1d93093, ftLastWriteTime.dwLowDateTime=0x7e2ab17f, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x10be, dwReserved0=0x0, dwReserved1=0x0, cFileName="zLTL9eQH4Dtg.xlsx", cAlternateFileName="ZLTL9E~1.XLS")) returned 1 [0145.311] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.311] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.312] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.312] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.312] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.312] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.312] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Uu2MHcR ne4f5 jN\\zLTL9eQH4Dtg.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\uu2mhcr ne4f5 jn\\zltl9eqh4dtg.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd108, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x300 [0145.312] GetFileType (hFile=0x300) returned 0x1 [0145.312] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbd298*=4286) returned 1 [0145.313] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcbd248, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbd248*=4286) returned 1 [0145.313] SetFilePointerEx (in: hFile=0x300, liDistanceToMove=0x0, lpNewFilePointer=0xcbd298, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbd298*=0) returned 1 [0145.313] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x10be) returned 0x64ce30 [0145.313] ReadFile (in: hFile=0x300, lpBuffer=0x64ce30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd208, lpOverlapped=0x0 | out: lpBuffer=0x64ce30*, lpNumberOfBytesRead=0xcbd208*=0x1000, lpOverlapped=0x0) returned 1 [0145.313] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62e680 [0145.313] ReadFile (in: hFile=0x300, lpBuffer=0x62e680, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbd198, lpOverlapped=0x0 | out: lpBuffer=0x62e680*, lpNumberOfBytesRead=0xcbd198*=0xbe, lpOverlapped=0x0) returned 1 [0145.314] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62e680 | out: hHeap=0x5c0000) returned 1 [0145.314] CloseHandle (hObject=0x300) returned 1 [0145.315] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x64ce30 | out: hHeap=0x5c0000) returned 1 [0145.315] FindNextFileW (in: hFindFile=0x5cf960, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x400090d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.315] GetLastError () returned 0x12 [0145.315] GetLastError () returned 0x12 [0145.315] SetLastError (dwErrCode=0x12) [0145.315] FindClose (in: hFindFile=0x5cf960 | out: hFindFile=0x5cf960) returned 1 [0145.316] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a5ecf30, ftCreationTime.dwHighDateTime=0x1d92502, ftLastAccessTime.dwLowDateTime=0x8f2a2760, ftLastAccessTime.dwHighDateTime=0x1d92866, ftLastWriteTime.dwLowDateTime=0x7e2d13f3, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x85ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="WQUodEcA-ws.docx", cAlternateFileName="WQUODE~1.DOC")) returned 1 [0145.316] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.316] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.316] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.316] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.316] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.316] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.316] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\WQUodEcA-ws.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\wquodeca-ws.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.317] GetFileType (hFile=0x290) returned 0x1 [0145.317] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=34254) returned 1 [0145.317] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=34254) returned 1 [0145.317] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.318] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x85ce) returned 0x64ce30 [0145.318] ReadFile (in: hFile=0x290, lpBuffer=0x64ce30, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x64ce30*, lpNumberOfBytesRead=0xcbdaf8*=0x8000, lpOverlapped=0x0) returned 1 [0145.319] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62c660 [0145.319] ReadFile (in: hFile=0x290, lpBuffer=0x62c660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x62c660*, lpNumberOfBytesRead=0xcbda88*=0x5ce, lpOverlapped=0x0) returned 1 [0145.320] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62c660 | out: hHeap=0x5c0000) returned 1 [0145.320] CloseHandle (hObject=0x290) returned 1 [0145.321] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x64ce30 | out: hHeap=0x5c0000) returned 1 [0145.321] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd8fc48b0, ftCreationTime.dwHighDateTime=0x1d92874, ftLastAccessTime.dwLowDateTime=0x1fdd4bd0, ftLastAccessTime.dwHighDateTime=0x1d92b68, ftLastWriteTime.dwLowDateTime=0x7e2f768a, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5670, dwReserved0=0x0, dwReserved1=0x0, cFileName="xmqtd.rtf", cAlternateFileName="")) returned 1 [0145.321] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.321] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.321] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.321] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.321] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.321] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.321] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\xmqtd.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xmqtd.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.322] GetFileType (hFile=0x290) returned 0x1 [0145.322] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=22128) returned 1 [0145.322] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=22128) returned 1 [0145.322] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.322] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.323] CloseHandle (hObject=0x290) returned 1 [0145.323] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcaa2b40, ftCreationTime.dwHighDateTime=0x1d8c2f7, ftLastAccessTime.dwLowDateTime=0x6315f3d0, ftLastAccessTime.dwHighDateTime=0x1d8f007, ftLastWriteTime.dwLowDateTime=0x7e31d964, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16aae, dwReserved0=0x0, dwReserved1=0x0, cFileName="XWr5dH0Ij.pptx", cAlternateFileName="XWR5DH~1.PPT")) returned 1 [0145.323] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.323] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.323] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.323] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.323] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.323] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.324] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\XWr5dH0Ij.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\xwr5dh0ij.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcbd9f8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.324] GetFileType (hFile=0x290) returned 0x1 [0145.324] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcbdb88*=92846) returned 1 [0145.324] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcbdb38*=92846) returned 1 [0145.324] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcbdb88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcbdb88*=0) returned 1 [0145.324] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x0, Size=0x16aae) returned 0x64ce30 [0145.327] ReadFile (in: hFile=0x290, lpBuffer=0x64ce30, nNumberOfBytesToRead=0x16000, lpNumberOfBytesRead=0xcbdaf8, lpOverlapped=0x0 | out: lpBuffer=0x64ce30*, lpNumberOfBytesRead=0xcbdaf8*=0x16000, lpOverlapped=0x0) returned 1 [0145.370] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x1000) returned 0x62c660 [0145.370] ReadFile (in: hFile=0x290, lpBuffer=0x62c660, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcbda88, lpOverlapped=0x0 | out: lpBuffer=0x62c660*, lpNumberOfBytesRead=0xcbda88*=0xaae, lpOverlapped=0x0) returned 1 [0145.370] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x62c660 | out: hHeap=0x5c0000) returned 1 [0145.370] CloseHandle (hObject=0x290) returned 1 [0145.371] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x64ce30 | out: hHeap=0x5c0000) returned 1 [0145.373] FindNextFileW (in: hFindFile=0x5cf900, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x3c01003d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.373] GetLastError () returned 0x12 [0145.373] GetLastError () returned 0x12 [0145.373] SetLastError (dwErrCode=0x12) [0145.373] FindClose (in: hFindFile=0x5cf900 | out: hFindFile=0x5cf900) returned 1 [0145.374] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0145.374] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.374] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.374] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.374] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5c89b0 [0145.374] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.374] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.374] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.375] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.375] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.375] FindNextFileW (in: hFindFile=0x5c89b0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.375] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.375] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.375] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.375] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.375] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.375] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.375] FindNextFileW (in: hFindFile=0x5c89b0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e36bbfc, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5220, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.375] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.375] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.375] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.375] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.376] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.376] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.376] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.376] GetFileType (hFile=0x290) returned 0x1 [0145.376] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21024) returned 1 [0145.376] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21024) returned 1 [0145.377] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.377] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.377] CloseHandle (hObject=0x290) returned 1 [0145.377] FindNextFileW (in: hFindFile=0x5c89b0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.377] GetLastError () returned 0x12 [0145.378] GetLastError () returned 0x12 [0145.378] SetLastError (dwErrCode=0x12) [0145.378] FindClose (in: hFindFile=0x5c89b0 | out: hFindFile=0x5c89b0) returned 1 [0145.378] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0145.378] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.378] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.378] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.378] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.378] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.378] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.378] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5c8dd0 [0145.379] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.379] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.379] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.379] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.379] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.379] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.379] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.379] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.379] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.379] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.379] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.379] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.380] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.380] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e3b607c, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x51e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0145.380] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.380] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.380] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.380] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.380] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.380] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.381] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.381] GetFileType (hFile=0x290) returned 0x1 [0145.381] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=20960) returned 1 [0145.381] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=20960) returned 1 [0145.381] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.381] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.382] CloseHandle (hObject=0x290) returned 1 [0145.382] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e3b607c, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x52a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.382] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.382] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.382] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.382] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.383] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.383] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.383] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.383] GetFileType (hFile=0x290) returned 0x1 [0145.383] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21152) returned 1 [0145.383] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21152) returned 1 [0145.383] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.384] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.384] CloseHandle (hObject=0x290) returned 1 [0145.384] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0145.384] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.401] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.401] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.401] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.401] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.401] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.402] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5c8ef0 [0145.403] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.403] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.403] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.403] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.403] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.403] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.403] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.403] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.403] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.404] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.404] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.404] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.404] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.404] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e3dc4f9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5160, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.404] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.404] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.404] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.404] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.404] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.404] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.405] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.405] GetFileType (hFile=0x314) returned 0x1 [0145.405] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=20832) returned 1 [0145.405] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=20832) returned 1 [0145.406] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.406] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.406] CloseHandle (hObject=0x314) returned 1 [0145.407] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.407] GetLastError () returned 0x12 [0145.407] GetLastError () returned 0x12 [0145.407] SetLastError (dwErrCode=0x12) [0145.407] FindClose (in: hFindFile=0x5c8ef0 | out: hFindFile=0x5c8ef0) returned 1 [0145.407] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="翸")) returned 0 [0145.407] GetLastError () returned 0x12 [0145.407] GetLastError () returned 0x12 [0145.408] SetLastError (dwErrCode=0x12) [0145.408] FindClose (in: hFindFile=0x5c8dd0 | out: hFindFile=0x5c8dd0) returned 1 [0145.408] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Links", cAlternateFileName="")) returned 1 [0145.408] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.408] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.408] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.408] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.408] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.408] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.408] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5c8ef0 [0145.409] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.409] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.409] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.409] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.409] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.409] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.409] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.409] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.409] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.409] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.409] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.410] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.410] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.410] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e4026c4, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5300, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.410] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.410] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.410] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.410] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.410] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.410] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.410] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.411] GetFileType (hFile=0x290) returned 0x1 [0145.411] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21248) returned 1 [0145.412] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21248) returned 1 [0145.412] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.412] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.412] CloseHandle (hObject=0x290) returned 1 [0145.413] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e4c1257, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0145.413] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.413] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.413] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.413] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.413] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.413] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.413] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Desktop.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.414] GetFileType (hFile=0x290) returned 0x1 [0145.414] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21264) returned 1 [0145.414] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21264) returned 1 [0145.414] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.414] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.415] CloseHandle (hObject=0x290) returned 1 [0145.415] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e4e74de, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x54e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0145.415] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.415] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.415] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.415] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.416] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.416] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.416] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\Downloads.lnk" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.416] GetFileType (hFile=0x290) returned 0x1 [0145.416] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21728) returned 1 [0145.416] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21728) returned 1 [0145.417] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.417] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.417] CloseHandle (hObject=0x290) returned 1 [0145.418] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.418] GetLastError () returned 0x12 [0145.418] GetLastError () returned 0x12 [0145.418] SetLastError (dwErrCode=0x12) [0145.418] FindClose (in: hFindFile=0x5c8ef0 | out: hFindFile=0x5c8ef0) returned 1 [0145.418] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0145.418] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.418] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.418] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.418] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.418] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.418] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.419] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Local Settings\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\local settings\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.419] GetLastError () returned 0x5 [0145.419] GetLastError () returned 0x5 [0145.419] SetLastError (dwErrCode=0x5) [0145.419] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe0f74d12, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe0f74d12, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Music", cAlternateFileName="")) returned 1 [0145.419] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.420] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.420] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.420] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.420] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.420] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.420] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5c8ef0 [0145.420] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.420] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.420] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.420] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.421] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.421] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe0f74d12, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe0f74d12, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.421] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.421] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.421] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.421] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1478aac0, ftCreationTime.dwHighDateTime=0x1d93174, ftLastAccessTime.dwLowDateTime=0x29a985d0, ftLastAccessTime.dwHighDateTime=0x1d93292, ftLastWriteTime.dwLowDateTime=0x7e50d872, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xde08, dwReserved0=0x0, dwReserved1=0x0, cFileName="2BZtrQsnPaWcF9k4Auc.m4a", cAlternateFileName="2BZTRQ~1.M4A")) returned 1 [0145.421] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.421] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.421] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.422] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.422] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.422] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.422] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\2BZtrQsnPaWcF9k4Auc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\2bztrqsnpawcf9k4auc.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.422] GetFileType (hFile=0x290) returned 0x1 [0145.422] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=56840) returned 1 [0145.423] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=56840) returned 1 [0145.423] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.423] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.528] CloseHandle (hObject=0x290) returned 1 [0145.528] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7e5cc249, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5300, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.528] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.528] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.528] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.529] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.529] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.529] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.529] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.529] GetFileType (hFile=0x290) returned 0x1 [0145.530] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21248) returned 1 [0145.530] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21248) returned 1 [0145.530] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.530] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.530] CloseHandle (hObject=0x290) returned 1 [0145.531] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f80b9f0, ftCreationTime.dwHighDateTime=0x1d92d22, ftLastAccessTime.dwLowDateTime=0x1ef27420, ftLastAccessTime.dwHighDateTime=0x1d9319e, ftLastWriteTime.dwLowDateTime=0x7e5f2686, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1b8e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DmmjraBo.m4a", cAlternateFileName="")) returned 1 [0145.531] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.531] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.531] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.531] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.531] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.531] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.531] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\DmmjraBo.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\dmmjrabo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.532] GetFileType (hFile=0x290) returned 0x1 [0145.532] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=112870) returned 1 [0145.532] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=112870) returned 1 [0145.532] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.532] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.533] CloseHandle (hObject=0x290) returned 1 [0145.533] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca7eaf20, ftCreationTime.dwHighDateTime=0x1d931b2, ftLastAccessTime.dwLowDateTime=0x84b16660, ftLastAccessTime.dwHighDateTime=0x1d93327, ftLastWriteTime.dwLowDateTime=0x7e618919, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1186b, dwReserved0=0x0, dwReserved1=0x0, cFileName="fuYxdst6SMV8PN.mp3", cAlternateFileName="FUYXDS~1.MP3")) returned 1 [0145.533] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.533] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.533] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.533] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.533] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.533] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.534] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\fuYxdst6SMV8PN.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fuyxdst6smv8pn.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.534] GetFileType (hFile=0x290) returned 0x1 [0145.534] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=71787) returned 1 [0145.534] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=71787) returned 1 [0145.534] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.534] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.535] CloseHandle (hObject=0x290) returned 1 [0145.535] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60e23ce0, ftCreationTime.dwHighDateTime=0x1d92bfd, ftLastAccessTime.dwLowDateTime=0x202cbcd0, ftLastAccessTime.dwHighDateTime=0x1d932e6, ftLastWriteTime.dwLowDateTime=0x202cbcd0, ftLastWriteTime.dwHighDateTime=0x1d932e6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXGh0g6", cAlternateFileName="")) returned 1 [0145.535] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.535] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.535] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.535] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.535] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.535] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.536] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5c8dd0 [0145.536] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.536] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.537] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.537] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.537] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.537] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.537] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60e23ce0, ftCreationTime.dwHighDateTime=0x1d92bfd, ftLastAccessTime.dwLowDateTime=0x202cbcd0, ftLastAccessTime.dwHighDateTime=0x1d932e6, ftLastWriteTime.dwLowDateTime=0x202cbcd0, ftLastWriteTime.dwHighDateTime=0x1d932e6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.537] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.537] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.537] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.537] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.537] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.537] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.537] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a5ad320, ftCreationTime.dwHighDateTime=0x1d93511, ftLastAccessTime.dwLowDateTime=0xdc0357a0, ftLastAccessTime.dwHighDateTime=0x1d9352c, ftLastWriteTime.dwLowDateTime=0x7e6b117d, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x88e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-4kdm22YV4v.wav", cAlternateFileName="-4KDM2~1.WAV")) returned 1 [0145.537] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.537] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.538] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.538] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.538] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.538] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.538] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\-4kdm22YV4v.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\-4kdm22yv4v.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.538] GetFileType (hFile=0x314) returned 0x1 [0145.538] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=35040) returned 1 [0145.539] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=35040) returned 1 [0145.539] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.539] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.539] CloseHandle (hObject=0x314) returned 1 [0145.540] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7388da70, ftCreationTime.dwHighDateTime=0x1d928c4, ftLastAccessTime.dwLowDateTime=0x71885280, ftLastAccessTime.dwHighDateTime=0x1d92d85, ftLastWriteTime.dwLowDateTime=0x7e6d73af, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x17d80, dwReserved0=0x0, dwReserved1=0x0, cFileName="8B8Hy6zF_MS.m4a", cAlternateFileName="8B8HY6~1.M4A")) returned 1 [0145.540] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.540] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.540] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.540] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.540] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.540] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.540] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\8B8Hy6zF_MS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\8b8hy6zf_ms.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.540] GetFileType (hFile=0x314) returned 0x1 [0145.541] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=97664) returned 1 [0145.541] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=97664) returned 1 [0145.541] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.541] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.541] CloseHandle (hObject=0x314) returned 1 [0145.542] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0fc1180, ftCreationTime.dwHighDateTime=0x1d92939, ftLastAccessTime.dwLowDateTime=0xa88f4ce0, ftLastAccessTime.dwHighDateTime=0x1d92d1f, ftLastWriteTime.dwLowDateTime=0x7e7bc1c6, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1264c, dwReserved0=0x0, dwReserved1=0x0, cFileName="9vXU0CCZC77b8.m4a", cAlternateFileName="9VXU0C~1.M4A")) returned 1 [0145.542] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.542] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.542] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.542] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.542] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\9vXU0CCZC77b8.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\9vxu0cczc77b8.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.543] GetFileType (hFile=0x314) returned 0x1 [0145.543] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=75340) returned 1 [0145.543] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=75340) returned 1 [0145.543] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.543] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.543] CloseHandle (hObject=0x314) returned 1 [0145.544] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83717db0, ftCreationTime.dwHighDateTime=0x1d93527, ftLastAccessTime.dwLowDateTime=0x9da5a6d0, ftLastAccessTime.dwHighDateTime=0x1d9355d, ftLastWriteTime.dwLowDateTime=0x7e7e251e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xdc53, dwReserved0=0x0, dwReserved1=0x0, cFileName="gfULfaB3zo.wav", cAlternateFileName="GFULFA~1.WAV")) returned 1 [0145.544] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.544] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.544] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.544] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.544] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\gfULfaB3zo.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\gfulfab3zo.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.545] GetFileType (hFile=0x314) returned 0x1 [0145.545] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=56403) returned 1 [0145.545] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=56403) returned 1 [0145.545] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.545] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.546] CloseHandle (hObject=0x314) returned 1 [0145.546] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cb883c0, ftCreationTime.dwHighDateTime=0x1d92cfd, ftLastAccessTime.dwLowDateTime=0xf7b2f1f0, ftLastAccessTime.dwHighDateTime=0x1d93409, ftLastWriteTime.dwLowDateTime=0x7e8097ca, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1075e, dwReserved0=0x0, dwReserved1=0x0, cFileName="gHqlr7ucmVxDpvt.m4a", cAlternateFileName="GHQLR7~1.M4A")) returned 1 [0145.546] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.546] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.546] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.546] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.546] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.546] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.547] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\gHqlr7ucmVxDpvt.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ghqlr7ucmvxdpvt.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.547] GetFileType (hFile=0x314) returned 0x1 [0145.547] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=67422) returned 1 [0145.547] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=67422) returned 1 [0145.547] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.547] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.548] CloseHandle (hObject=0x314) returned 1 [0145.548] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce5c6600, ftCreationTime.dwHighDateTime=0x1d92db6, ftLastAccessTime.dwLowDateTime=0x7f3e58c0, ftLastAccessTime.dwHighDateTime=0x1d92fec, ftLastWriteTime.dwLowDateTime=0x7e854be0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16843, dwReserved0=0x0, dwReserved1=0x0, cFileName="iOvCnRfLTkM9.wav", cAlternateFileName="IOVCNR~1.WAV")) returned 1 [0145.548] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.548] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.548] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.548] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.548] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.548] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.549] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\iOvCnRfLTkM9.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\iovcnrfltkm9.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.549] GetFileType (hFile=0x314) returned 0x1 [0145.549] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=92227) returned 1 [0145.549] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=92227) returned 1 [0145.549] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.549] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.550] CloseHandle (hObject=0x314) returned 1 [0145.550] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26dbc330, ftCreationTime.dwHighDateTime=0x1d92b68, ftLastAccessTime.dwLowDateTime=0xaea42420, ftLastAccessTime.dwHighDateTime=0x1d92dba, ftLastWriteTime.dwLowDateTime=0x7e87c2bb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x15b82, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ip0_g9kKcj.wav", cAlternateFileName="IP0_G9~1.WAV")) returned 1 [0145.550] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.550] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.550] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.550] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.550] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.550] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.551] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\Ip0_g9kKcj.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ip0_g9kkcj.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.551] GetFileType (hFile=0x314) returned 0x1 [0145.551] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=88962) returned 1 [0145.551] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=88962) returned 1 [0145.552] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.552] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.552] CloseHandle (hObject=0x314) returned 1 [0145.553] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5258dc50, ftCreationTime.dwHighDateTime=0x1d926bd, ftLastAccessTime.dwLowDateTime=0x4ac93b20, ftLastAccessTime.dwHighDateTime=0x1d930c6, ftLastWriteTime.dwLowDateTime=0x7e87c2bb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="iYt4Sr4pkbCs4T.m4a", cAlternateFileName="IYT4SR~1.M4A")) returned 1 [0145.553] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.553] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.553] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.553] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.553] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.553] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.553] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\iYt4Sr4pkbCs4T.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\iyt4sr4pkbcs4t.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.553] GetFileType (hFile=0x314) returned 0x1 [0145.554] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=51712) returned 1 [0145.554] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=51712) returned 1 [0145.554] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.554] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.554] CloseHandle (hObject=0x314) returned 1 [0145.555] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc55ed070, ftCreationTime.dwHighDateTime=0x1d9322e, ftLastAccessTime.dwLowDateTime=0x18ec6d0, ftLastAccessTime.dwHighDateTime=0x1d934a6, ftLastWriteTime.dwLowDateTime=0x7e8a1000, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xd4de, dwReserved0=0x0, dwReserved1=0x0, cFileName="jysgM8eGrB.wav", cAlternateFileName="JYSGM8~1.WAV")) returned 1 [0145.555] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.555] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.555] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.555] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.555] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.555] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.555] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\jysgM8eGrB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\jysgm8egrb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.556] GetFileType (hFile=0x314) returned 0x1 [0145.556] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=54494) returned 1 [0145.556] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=54494) returned 1 [0145.556] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.556] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.557] CloseHandle (hObject=0x314) returned 1 [0145.557] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc546bbd0, ftCreationTime.dwHighDateTime=0x1d92c60, ftLastAccessTime.dwLowDateTime=0x27e18570, ftLastAccessTime.dwHighDateTime=0x1d933a2, ftLastWriteTime.dwLowDateTime=0x7e927cc8, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1494a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lw9 ysK.mp3", cAlternateFileName="LW9YSK~1.MP3")) returned 1 [0145.557] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.557] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.557] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.557] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.557] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.557] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.558] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\Lw9 ysK.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\lw9 ysk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.558] GetFileType (hFile=0x314) returned 0x1 [0145.558] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=84298) returned 1 [0145.558] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=84298) returned 1 [0145.558] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.558] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.559] CloseHandle (hObject=0x314) returned 1 [0145.559] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4f5cd0, ftCreationTime.dwHighDateTime=0x1d92c24, ftLastAccessTime.dwLowDateTime=0x6376b1f0, ftLastAccessTime.dwHighDateTime=0x1d930b4, ftLastWriteTime.dwLowDateTime=0x7e93a86b, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x101e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="oZwW.m4a", cAlternateFileName="")) returned 1 [0145.559] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.559] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.559] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.559] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.559] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.559] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.560] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\oZwW.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ozww.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.560] GetFileType (hFile=0x314) returned 0x1 [0145.560] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=66019) returned 1 [0145.560] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=66019) returned 1 [0145.560] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.560] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.561] CloseHandle (hObject=0x314) returned 1 [0145.561] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c4b64d0, ftCreationTime.dwHighDateTime=0x1d934ff, ftLastAccessTime.dwLowDateTime=0x3942d850, ftLastAccessTime.dwHighDateTime=0x1d93578, ftLastWriteTime.dwLowDateTime=0x7e968cae, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x99a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="soxjKq_f52dufejcJQ.m4a", cAlternateFileName="SOXJKQ~1.M4A")) returned 1 [0145.561] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.561] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.561] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.561] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.561] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.561] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.562] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\soxjKq_f52dufejcJQ.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\soxjkq_f52dufejcjq.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.562] GetFileType (hFile=0x314) returned 0x1 [0145.562] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=39328) returned 1 [0145.562] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=39328) returned 1 [0145.562] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.562] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.615] CloseHandle (hObject=0x314) returned 1 [0145.616] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae9dcc20, ftCreationTime.dwHighDateTime=0x1d92cb5, ftLastAccessTime.dwLowDateTime=0x6fbe56d0, ftLastAccessTime.dwHighDateTime=0x1d934aa, ftLastWriteTime.dwLowDateTime=0x7e986366, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x12262, dwReserved0=0x0, dwReserved1=0x0, cFileName="uFwI7-queadFi7ry6ZM5.mp3", cAlternateFileName="UFWI7-~1.MP3")) returned 1 [0145.616] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.616] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.616] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.616] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.616] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.616] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.616] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\uFwI7-queadFi7ry6ZM5.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\ufwi7-queadfi7ry6zm5.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.617] GetFileType (hFile=0x314) returned 0x1 [0145.617] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=74338) returned 1 [0145.617] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=74338) returned 1 [0145.617] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.617] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.618] CloseHandle (hObject=0x314) returned 1 [0145.618] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0d2d050, ftCreationTime.dwHighDateTime=0x1d92d80, ftLastAccessTime.dwLowDateTime=0x95a66940, ftLastAccessTime.dwHighDateTime=0x1d93294, ftLastWriteTime.dwLowDateTime=0x7e986366, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xa124, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2Dwesg8HDjvdewQgNXC.m4a", cAlternateFileName="V2DWES~1.M4A")) returned 1 [0145.618] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.618] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.618] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.618] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.618] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.618] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.619] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\v2Dwesg8HDjvdewQgNXC.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\v2dwesg8hdjvdewqgnxc.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.619] GetFileType (hFile=0x314) returned 0x1 [0145.619] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=41252) returned 1 [0145.619] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=41252) returned 1 [0145.619] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.619] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.620] CloseHandle (hObject=0x314) returned 1 [0145.620] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fba2de0, ftCreationTime.dwHighDateTime=0x1d928e6, ftLastAccessTime.dwLowDateTime=0xc5e8fad0, ftLastAccessTime.dwHighDateTime=0x1d92ec7, ftLastWriteTime.dwLowDateTime=0x7e9ac088, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x19f18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xk6OsGw80BZF.wav", cAlternateFileName="XK6OSG~1.WAV")) returned 1 [0145.620] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.620] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.620] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.620] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.620] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.620] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.621] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\Xk6OsGw80BZF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\xk6osgw80bzf.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.621] GetFileType (hFile=0x314) returned 0x1 [0145.621] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=106264) returned 1 [0145.621] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=106264) returned 1 [0145.621] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.621] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.622] CloseHandle (hObject=0x314) returned 1 [0145.622] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70f4870, ftCreationTime.dwHighDateTime=0x1d92f0e, ftLastAccessTime.dwLowDateTime=0xd89b59b0, ftLastAccessTime.dwHighDateTime=0x1d93409, ftLastWriteTime.dwLowDateTime=0x7ea1e835, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5c70, dwReserved0=0x0, dwReserved1=0x0, cFileName="xqUMfGAY.wav", cAlternateFileName="")) returned 1 [0145.622] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.622] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.622] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.622] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.622] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.623] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.623] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\xqUMfGAY.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\xqumfgay.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.623] GetFileType (hFile=0x314) returned 0x1 [0145.623] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=23664) returned 1 [0145.623] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=23664) returned 1 [0145.623] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.624] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.624] CloseHandle (hObject=0x314) returned 1 [0145.624] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcaa4dfe0, ftCreationTime.dwHighDateTime=0x1d9285e, ftLastAccessTime.dwLowDateTime=0x3526f630, ftLastAccessTime.dwHighDateTime=0x1d92e1f, ftLastWriteTime.dwLowDateTime=0x7eb2a225, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x73d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_g9Eb.mp3", cAlternateFileName="")) returned 1 [0145.624] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.624] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.624] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.624] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.625] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.625] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.625] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FXGh0g6\\_g9Eb.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\fxgh0g6\\_g9eb.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.625] GetFileType (hFile=0x314) returned 0x1 [0145.625] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=29648) returned 1 [0145.625] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=29648) returned 1 [0145.625] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.626] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.627] CloseHandle (hObject=0x314) returned 1 [0145.628] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.628] GetLastError () returned 0x12 [0145.628] GetLastError () returned 0x12 [0145.628] SetLastError (dwErrCode=0x12) [0145.628] FindClose (in: hFindFile=0x5c8dd0 | out: hFindFile=0x5c8dd0) returned 1 [0145.628] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e7abd60, ftCreationTime.dwHighDateTime=0x1d934d7, ftLastAccessTime.dwLowDateTime=0xbe2551d0, ftLastAccessTime.dwHighDateTime=0x1d93521, ftLastWriteTime.dwLowDateTime=0x7eb2a225, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xc517, dwReserved0=0x0, dwReserved1=0x0, cFileName="H0Bu7WE L.mp3", cAlternateFileName="H0BU7W~1.MP3")) returned 1 [0145.628] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.628] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.628] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.628] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.628] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.628] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.629] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\H0Bu7WE L.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\h0bu7we l.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.629] GetFileType (hFile=0x290) returned 0x1 [0145.629] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=50455) returned 1 [0145.629] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=50455) returned 1 [0145.629] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.631] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.631] CloseHandle (hObject=0x290) returned 1 [0145.631] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c4264f0, ftCreationTime.dwHighDateTime=0x1d93544, ftLastAccessTime.dwLowDateTime=0x6bcbe8e0, ftLastAccessTime.dwHighDateTime=0x1d93558, ftLastWriteTime.dwLowDateTime=0x7eb4fa9e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x71d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LoNNdvzwPSF50eP.wav", cAlternateFileName="LONNDV~1.WAV")) returned 1 [0145.632] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.632] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.632] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.632] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.632] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.632] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.632] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\LoNNdvzwPSF50eP.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lonndvzwpsf50ep.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.632] GetFileType (hFile=0x290) returned 0x1 [0145.633] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=29136) returned 1 [0145.633] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=29136) returned 1 [0145.633] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.633] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.633] CloseHandle (hObject=0x290) returned 1 [0145.634] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87db38a0, ftCreationTime.dwHighDateTime=0x1d92be0, ftLastAccessTime.dwLowDateTime=0xaffde4f0, ftLastAccessTime.dwHighDateTime=0x1d92e00, ftLastWriteTime.dwLowDateTime=0x7eb75f3c, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16d39, dwReserved0=0x0, dwReserved1=0x0, cFileName="M3D2dAGIAkc0.wav", cAlternateFileName="M3D2DA~1.WAV")) returned 1 [0145.634] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.634] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.634] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.634] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.634] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.634] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.634] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\M3D2dAGIAkc0.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\m3d2dagiakc0.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.634] GetFileType (hFile=0x290) returned 0x1 [0145.635] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=93497) returned 1 [0145.635] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=93497) returned 1 [0145.635] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.635] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.635] CloseHandle (hObject=0x290) returned 1 [0145.636] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bc8e000, ftCreationTime.dwHighDateTime=0x1d92dae, ftLastAccessTime.dwLowDateTime=0x21cba6d0, ftLastAccessTime.dwHighDateTime=0x1d931d5, ftLastWriteTime.dwLowDateTime=0x7eb9bfb2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xeb62, dwReserved0=0x0, dwReserved1=0x0, cFileName="R4zOe8GwtZ1.wav", cAlternateFileName="R4ZOE8~1.WAV")) returned 1 [0145.636] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.636] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.636] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.636] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.636] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.636] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.636] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\R4zOe8GwtZ1.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\r4zoe8gwtz1.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.636] GetFileType (hFile=0x290) returned 0x1 [0145.637] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=60258) returned 1 [0145.637] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=60258) returned 1 [0145.637] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.637] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.637] CloseHandle (hObject=0x290) returned 1 [0145.638] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ccfed20, ftCreationTime.dwHighDateTime=0x1d92c1d, ftLastAccessTime.dwLowDateTime=0x6a9c1040, ftLastAccessTime.dwHighDateTime=0x1d930ca, ftLastWriteTime.dwLowDateTime=0x7eb9bfb2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1aa89, dwReserved0=0x0, dwReserved1=0x0, cFileName="rPff8m_vb3qiWXJ Wg0b.m4a", cAlternateFileName="RPFF8M~1.M4A")) returned 1 [0145.638] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.638] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.638] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.638] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.638] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.638] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.638] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rPff8m_vb3qiWXJ Wg0b.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\rpff8m_vb3qiwxj wg0b.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.638] GetFileType (hFile=0x290) returned 0x1 [0145.639] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=109193) returned 1 [0145.639] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=109193) returned 1 [0145.639] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.639] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.639] CloseHandle (hObject=0x290) returned 1 [0145.640] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42895950, ftCreationTime.dwHighDateTime=0x1d931a6, ftLastAccessTime.dwLowDateTime=0x57e52e80, ftLastAccessTime.dwHighDateTime=0x1d93491, ftLastWriteTime.dwLowDateTime=0x7ebc21d0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5b90, dwReserved0=0x0, dwReserved1=0x0, cFileName="u7iCll5l.m4a", cAlternateFileName="")) returned 1 [0145.640] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.640] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.640] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.640] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.640] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.640] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.640] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\u7iCll5l.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\u7icll5l.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.640] GetFileType (hFile=0x290) returned 0x1 [0145.641] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=23440) returned 1 [0145.641] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=23440) returned 1 [0145.641] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.641] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.641] CloseHandle (hObject=0x290) returned 1 [0145.642] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc295770, ftCreationTime.dwHighDateTime=0x1d92d7d, ftLastAccessTime.dwLowDateTime=0x6f1c370, ftLastAccessTime.dwHighDateTime=0x1d933f2, ftLastWriteTime.dwLowDateTime=0x7ebe83c7, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x19168, dwReserved0=0x0, dwReserved1=0x0, cFileName="xA6JGYQ_yeIF.wav", cAlternateFileName="XA6JGY~1.WAV")) returned 1 [0145.642] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.642] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.642] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.642] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.642] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.642] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.642] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\xA6JGYQ_yeIF.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\xa6jgyq_yeif.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.643] GetFileType (hFile=0x290) returned 0x1 [0145.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=102760) returned 1 [0145.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=102760) returned 1 [0145.643] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.643] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.643] CloseHandle (hObject=0x290) returned 1 [0145.644] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x120c90e0, ftCreationTime.dwHighDateTime=0x1d92d4f, ftLastAccessTime.dwLowDateTime=0x62abfd10, ftLastAccessTime.dwHighDateTime=0x1d93263, ftLastWriteTime.dwLowDateTime=0x7ec14f02, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16362, dwReserved0=0x0, dwReserved1=0x0, cFileName="XaYVlV-JmayNd53_Mt.wav", cAlternateFileName="XAYVLV~1.WAV")) returned 1 [0145.644] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.644] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.644] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.644] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.644] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\XaYVlV-JmayNd53_Mt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\xayvlv-jmaynd53_mt.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.645] GetFileType (hFile=0x290) returned 0x1 [0145.645] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=90978) returned 1 [0145.645] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=90978) returned 1 [0145.645] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.645] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.646] CloseHandle (hObject=0x290) returned 1 [0145.646] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a440900, ftCreationTime.dwHighDateTime=0x1d928d8, ftLastAccessTime.dwLowDateTime=0xac775f80, ftLastAccessTime.dwHighDateTime=0x1d92f6f, ftLastWriteTime.dwLowDateTime=0x7ec80cb3, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x14418, dwReserved0=0x0, dwReserved1=0x0, cFileName="xD9qeXinUK4Z9qI4.mp3", cAlternateFileName="XD9QEX~1.MP3")) returned 1 [0145.646] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.646] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.646] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.646] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.646] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.646] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.647] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\xD9qeXinUK4Z9qI4.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\xd9qexinuk4z9qi4.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.647] GetFileType (hFile=0x290) returned 0x1 [0145.647] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=82968) returned 1 [0145.647] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=82968) returned 1 [0145.647] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.648] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.648] CloseHandle (hObject=0x290) returned 1 [0145.648] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.648] GetLastError () returned 0x12 [0145.648] GetLastError () returned 0x12 [0145.648] SetLastError (dwErrCode=0x12) [0145.648] FindClose (in: hFindFile=0x5c8ef0 | out: hFindFile=0x5c8ef0) returned 1 [0145.649] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0145.649] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.649] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.649] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.649] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.649] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\My Documents\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\my documents\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.649] GetLastError () returned 0x5 [0145.649] GetLastError () returned 0x5 [0145.649] SetLastError (dwErrCode=0x5) [0145.650] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="NetHood", cAlternateFileName="")) returned 1 [0145.650] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.650] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.650] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.650] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.650] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.650] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.650] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\NetHood\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\nethood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.650] GetLastError () returned 0x5 [0145.650] GetLastError () returned 0x5 [0145.650] SetLastError (dwErrCode=0x5) [0145.650] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x3ce3dbd0, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4b110efe, ftLastAccessTime.dwHighDateTime=0x1d93628, ftLastWriteTime.dwLowDateTime=0x4b110efe, ftLastWriteTime.dwHighDateTime=0x1d93628, nFileSizeHigh=0x0, nFileSizeLow=0x140000, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0145.650] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.650] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.651] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.651] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.651] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.651] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.651] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x117000, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0145.651] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.651] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.651] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.651] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.651] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.651] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.652] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.dat.LOG1" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb41b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.652] GetLastError () returned 0x20 [0145.652] GetLastError () returned 0x20 [0145.652] SetLastError (dwErrCode=0x20) [0145.652] GetLastError () returned 0x20 [0145.652] SetLastError (dwErrCode=0x20) [0145.652] GetLastError () returned 0x20 [0145.652] SetLastError (dwErrCode=0x20) [0145.652] GetLastError () returned 0x20 [0145.652] SetLastError (dwErrCode=0x20) [0145.652] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d2dc444, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x14000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0145.652] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.653] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.653] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.653] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.653] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.653] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.653] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.dat.LOG2" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb41b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.653] GetLastError () returned 0x20 [0145.653] GetLastError () returned 0x20 [0145.653] SetLastError (dwErrCode=0x20) [0145.653] GetLastError () returned 0x20 [0145.654] SetLastError (dwErrCode=0x20) [0145.654] GetLastError () returned 0x20 [0145.654] SetLastError (dwErrCode=0x20) [0145.654] GetLastError () returned 0x20 [0145.654] SetLastError (dwErrCode=0x20) [0145.654] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d2dc444, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d2dc444, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x63434853, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0145.654] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.654] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.654] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.654] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.654] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.654] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.654] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0145.654] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.654] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.654] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.655] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.655] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d3026e1, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d3026e1, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x6340e659, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{62e13464-7ee5-11e5-80c4-a4badb40df56}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0145.655] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.655] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.655] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.655] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7eccd115, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5120, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0145.655] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.655] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.655] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.656] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.656] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.656] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\ntuser.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb41b8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x218 [0145.656] GetFileType (hFile=0x218) returned 0x1 [0145.656] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xcb4348, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb4348*=20768) returned 1 [0145.656] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xcb42f8, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb42f8*=20768) returned 1 [0145.657] SetFilePointerEx (in: hFile=0x218, liDistanceToMove=0x0, lpNewFilePointer=0xcb4348, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb4348*=0) returned 1 [0145.657] ReadFile (in: hFile=0x218, lpBuffer=0xcb4500, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb42b8, lpOverlapped=0x0 | out: lpBuffer=0xcb4500*, lpNumberOfBytesRead=0xcb42b8*=0x5000, lpOverlapped=0x0) returned 1 [0145.700] CloseHandle (hObject=0x218) returned 1 [0145.700] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive", cAlternateFileName="")) returned 1 [0145.700] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.700] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.700] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.700] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.700] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.701] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5c9070 [0145.701] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.701] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.701] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.701] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.701] FindNextFileW (in: hFindFile=0x5c9070, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.701] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.702] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.702] FindNextFileW (in: hFindFile=0x5c9070, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x7ecf33f2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5170, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.702] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.702] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.702] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.703] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.703] GetFileType (hFile=0x290) returned 0x1 [0145.703] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=20848) returned 1 [0145.703] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=20848) returned 1 [0145.703] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.703] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.704] CloseHandle (hObject=0x290) returned 1 [0145.704] FindNextFileW (in: hFindFile=0x5c9070, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.704] GetLastError () returned 0x12 [0145.704] GetLastError () returned 0x12 [0145.704] SetLastError (dwErrCode=0x12) [0145.704] FindClose (in: hFindFile=0x5c9070 | out: hFindFile=0x5c9070) returned 1 [0145.705] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe19e32ec, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe19e32ec, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0145.705] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.705] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.705] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.705] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.705] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.705] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.705] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x5c8dd0 [0145.705] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.705] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.706] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.706] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe19e32ec, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe19e32ec, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.706] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.706] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0145.706] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.706] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.707] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.707] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.707] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5c8ef0 [0145.707] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.707] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.707] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.707] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.708] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0145.708] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.708] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.708] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.708] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.708] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.708] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.708] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x7ed8c8cb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x51c0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.709] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.709] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.709] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.709] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.709] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.709] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.709] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.709] GetFileType (hFile=0x314) returned 0x1 [0145.710] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=20928) returned 1 [0145.710] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=20928) returned 1 [0145.710] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.710] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.710] CloseHandle (hObject=0x314) returned 1 [0145.711] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.711] GetLastError () returned 0x12 [0145.711] GetLastError () returned 0x12 [0145.711] SetLastError (dwErrCode=0x12) [0145.711] FindClose (in: hFindFile=0x5c8ef0 | out: hFindFile=0x5c8ef0) returned 1 [0145.711] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7ed8c8cb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5300, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.711] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.711] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.711] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.711] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.712] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.712] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.712] GetFileType (hFile=0x290) returned 0x1 [0145.712] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21248) returned 1 [0145.712] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21248) returned 1 [0145.712] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.713] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.713] CloseHandle (hObject=0x290) returned 1 [0145.713] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x871729c0, ftCreationTime.dwHighDateTime=0x1d9328d, ftLastAccessTime.dwLowDateTime=0x83088c60, ftLastAccessTime.dwHighDateTime=0x1d933ab, ftLastWriteTime.dwLowDateTime=0x83088c60, ftLastWriteTime.dwHighDateTime=0x1d933ab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EhhsBihcckCr8IG", cAlternateFileName="EHHSBI~1")) returned 1 [0145.713] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.713] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.713] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.714] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.714] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x5c8ef0 [0145.714] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.714] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.714] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.714] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.714] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x871729c0, ftCreationTime.dwHighDateTime=0x1d9328d, ftLastAccessTime.dwLowDateTime=0x83088c60, ftLastAccessTime.dwHighDateTime=0x1d933ab, ftLastWriteTime.dwLowDateTime=0x83088c60, ftLastWriteTime.dwHighDateTime=0x1d933ab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.715] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.715] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.715] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.715] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaacac7f0, ftCreationTime.dwHighDateTime=0x1d93404, ftLastAccessTime.dwLowDateTime=0xc3b6380, ftLastAccessTime.dwHighDateTime=0x1d935e2, ftLastWriteTime.dwLowDateTime=0xc3b6380, ftLastWriteTime.dwHighDateTime=0x1d935e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lxjKufO2Ryx0y", cAlternateFileName="LXJKUF~1")) returned 1 [0145.715] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.715] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.715] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.715] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.715] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x5c8f50 [0145.716] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.716] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.716] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.716] FindNextFileW (in: hFindFile=0x5c8f50, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaacac7f0, ftCreationTime.dwHighDateTime=0x1d93404, ftLastAccessTime.dwLowDateTime=0xc3b6380, ftLastAccessTime.dwHighDateTime=0x1d935e2, ftLastWriteTime.dwLowDateTime=0xc3b6380, ftLastWriteTime.dwHighDateTime=0x1d935e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="..", cAlternateFileName="")) returned 1 [0145.716] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.716] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.716] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.717] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.717] FindNextFileW (in: hFindFile=0x5c8f50, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c44f820, ftCreationTime.dwHighDateTime=0x1d92945, ftLastAccessTime.dwLowDateTime=0xd4d3d110, ftLastAccessTime.dwHighDateTime=0x1d9303d, ftLastWriteTime.dwLowDateTime=0x7edb2013, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1905f, dwReserved0=0x0, dwReserved1=0x4137678, cFileName="2WIk7PUQNXx_TmSy5Kz7.bmp", cAlternateFileName="2WIK7P~1.BMP")) returned 1 [0145.717] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.717] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.717] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.717] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.717] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\2WIk7PUQNXx_TmSy5Kz7.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\2wik7puqnxx_tmsy5kz7.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.718] GetFileType (hFile=0x318) returned 0x1 [0145.718] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=102495) returned 1 [0145.718] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=102495) returned 1 [0145.718] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.718] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.719] CloseHandle (hObject=0x318) returned 1 [0145.719] FindNextFileW (in: hFindFile=0x5c8f50, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde857d30, ftCreationTime.dwHighDateTime=0x1d9265b, ftLastAccessTime.dwLowDateTime=0x54091a10, ftLastAccessTime.dwHighDateTime=0x1d92d70, ftLastWriteTime.dwLowDateTime=0x7edfe2ea, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x18ee1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eupj8q.png", cAlternateFileName="")) returned 1 [0145.719] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.719] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.719] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.719] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.720] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\Eupj8q.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\eupj8q.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.720] GetFileType (hFile=0x318) returned 0x1 [0145.720] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=102113) returned 1 [0145.720] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=102113) returned 1 [0145.720] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.720] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.721] CloseHandle (hObject=0x318) returned 1 [0145.721] FindNextFileW (in: hFindFile=0x5c8f50, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x529cc6e0, ftCreationTime.dwHighDateTime=0x1d935d6, ftLastAccessTime.dwLowDateTime=0xb9c41ce0, ftLastAccessTime.dwHighDateTime=0x1d93619, ftLastWriteTime.dwLowDateTime=0xb9c41ce0, ftLastWriteTime.dwHighDateTime=0x1d93619, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JGs8", cAlternateFileName="")) returned 1 [0145.721] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.721] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.721] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.721] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.721] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbbf20, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbbf20) returned 0x5c9010 [0145.722] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.722] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.722] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.722] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x529cc6e0, ftCreationTime.dwHighDateTime=0x1d935d6, ftLastAccessTime.dwLowDateTime=0xb9c41ce0, ftLastAccessTime.dwHighDateTime=0x1d93619, ftLastWriteTime.dwLowDateTime=0xb9c41ce0, ftLastWriteTime.dwHighDateTime=0x1d93619, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.722] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.722] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.722] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.722] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.723] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10184430, ftCreationTime.dwHighDateTime=0x1d929dc, ftLastAccessTime.dwLowDateTime=0xd6dd93e0, ftLastAccessTime.dwHighDateTime=0x1d93558, ftLastWriteTime.dwLowDateTime=0x7ee247da, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x15399, dwReserved0=0x0, dwReserved1=0x0, cFileName="1_uI7.png", cAlternateFileName="")) returned 1 [0145.723] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.723] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.723] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.723] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.724] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\1_uI7.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\1_ui7.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb1df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0145.724] GetFileType (hFile=0x31c) returned 0x1 [0145.724] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb1f88*=86937) returned 1 [0145.725] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb1f38*=86937) returned 1 [0145.725] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb1f88*=0) returned 1 [0145.725] ReadFile (in: hFile=0x31c, lpBuffer=0xcb2140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb1ef8, lpOverlapped=0x0 | out: lpBuffer=0xcb2140*, lpNumberOfBytesRead=0xcb1ef8*=0x5000, lpOverlapped=0x0) returned 1 [0145.725] CloseHandle (hObject=0x31c) returned 1 [0145.725] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a3b8640, ftCreationTime.dwHighDateTime=0x1d92c48, ftLastAccessTime.dwLowDateTime=0x1635d50, ftLastAccessTime.dwHighDateTime=0x1d934e3, ftLastWriteTime.dwLowDateTime=0x7ee4ad7f, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x8500, dwReserved0=0x0, dwReserved1=0x0, cFileName="7UDTxkOjDUVVzv7hqCX.jpg", cAlternateFileName="7UDTXK~1.JPG")) returned 1 [0145.726] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.726] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.726] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.726] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.726] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.726] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.726] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\7UDTxkOjDUVVzv7hqCX.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\7udtxkojduvvzv7hqcx.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb1df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0145.726] GetFileType (hFile=0x31c) returned 0x1 [0145.727] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb1f88*=34048) returned 1 [0145.727] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb1f38*=34048) returned 1 [0145.727] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb1f88*=0) returned 1 [0145.727] ReadFile (in: hFile=0x31c, lpBuffer=0xcb2140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb1ef8, lpOverlapped=0x0 | out: lpBuffer=0xcb2140*, lpNumberOfBytesRead=0xcb1ef8*=0x5000, lpOverlapped=0x0) returned 1 [0145.729] CloseHandle (hObject=0x31c) returned 1 [0145.729] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa830120, ftCreationTime.dwHighDateTime=0x1d92c4a, ftLastAccessTime.dwLowDateTime=0x1dba6ec0, ftLastAccessTime.dwHighDateTime=0x1d9335e, ftLastWriteTime.dwLowDateTime=0x7ee4ad7f, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1ca28, dwReserved0=0x0, dwReserved1=0x0, cFileName="M3 f2oSr-.jpg", cAlternateFileName="M3F2OS~1.JPG")) returned 1 [0145.729] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.729] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.729] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.729] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.730] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\M3 f2oSr-.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\m3 f2osr-.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb1df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0145.730] GetFileType (hFile=0x31c) returned 0x1 [0145.730] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb1f88*=117288) returned 1 [0145.730] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb1f38*=117288) returned 1 [0145.730] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb1f88*=0) returned 1 [0145.730] ReadFile (in: hFile=0x31c, lpBuffer=0xcb2140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb1ef8, lpOverlapped=0x0 | out: lpBuffer=0xcb2140*, lpNumberOfBytesRead=0xcb1ef8*=0x5000, lpOverlapped=0x0) returned 1 [0145.731] CloseHandle (hObject=0x31c) returned 1 [0145.731] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d8138b0, ftCreationTime.dwHighDateTime=0x1d92a43, ftLastAccessTime.dwLowDateTime=0x7ab39480, ftLastAccessTime.dwHighDateTime=0x1d932e1, ftLastWriteTime.dwLowDateTime=0x7ee70cc3, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x8650, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pc158sefqrED.bmp", cAlternateFileName="PC158S~1.BMP")) returned 1 [0145.731] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.731] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.731] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.731] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.732] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\Pc158sefqrED.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\pc158sefqred.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb1df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0145.732] GetFileType (hFile=0x31c) returned 0x1 [0145.732] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb1f88*=34384) returned 1 [0145.732] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb1f38*=34384) returned 1 [0145.732] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb1f88*=0) returned 1 [0145.732] ReadFile (in: hFile=0x31c, lpBuffer=0xcb2140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb1ef8, lpOverlapped=0x0 | out: lpBuffer=0xcb2140*, lpNumberOfBytesRead=0xcb1ef8*=0x5000, lpOverlapped=0x0) returned 1 [0145.773] CloseHandle (hObject=0x31c) returned 1 [0145.773] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1687d3d0, ftCreationTime.dwHighDateTime=0x1d932b5, ftLastAccessTime.dwLowDateTime=0x64f41950, ftLastAccessTime.dwHighDateTime=0x1d934c9, ftLastWriteTime.dwLowDateTime=0x7ee9918a, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xd880, dwReserved0=0x0, dwReserved1=0x0, cFileName="too6KBp5JugIc.jpg", cAlternateFileName="TOO6KB~1.JPG")) returned 1 [0145.773] FileTimeToSystemTime (in: lpFileTime=0xcbbf24, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.773] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.773] FileTimeToSystemTime (in: lpFileTime=0xcbbf2c, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.773] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.774] FileTimeToSystemTime (in: lpFileTime=0xcbbf34, lpSystemTime=0xcbbec0 | out: lpSystemTime=0xcbbec0) returned 1 [0145.774] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbbec0, lpLocalTime=0xcbbeb0 | out: lpLocalTime=0xcbbeb0) returned 1 [0145.774] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\lxjKufO2Ryx0y\\JGs8\\too6KBp5JugIc.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\lxjkufo2ryx0y\\jgs8\\too6kbp5jugic.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb1df8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x31c [0145.774] GetFileType (hFile=0x31c) returned 0x1 [0145.774] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb1f88*=55424) returned 1 [0145.774] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f38, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb1f38*=55424) returned 1 [0145.774] SetFilePointerEx (in: hFile=0x31c, liDistanceToMove=0x0, lpNewFilePointer=0xcb1f88, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb1f88*=0) returned 1 [0145.775] ReadFile (in: hFile=0x31c, lpBuffer=0xcb2140, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb1ef8, lpOverlapped=0x0 | out: lpBuffer=0xcb2140*, lpNumberOfBytesRead=0xcb1ef8*=0x5000, lpOverlapped=0x0) returned 1 [0145.775] CloseHandle (hObject=0x31c) returned 1 [0145.775] FindNextFileW (in: hFindFile=0x5c9010, lpFindFileData=0xcbbf20 | out: lpFindFileData=0xcbbf20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.775] GetLastError () returned 0x12 [0145.775] GetLastError () returned 0x12 [0145.776] SetLastError (dwErrCode=0x12) [0145.776] FindClose (in: hFindFile=0x5c9010 | out: hFindFile=0x5c9010) returned 1 [0145.776] FindNextFileW (in: hFindFile=0x5c8f50, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x529cc6e0, ftCreationTime.dwHighDateTime=0x1d935d6, ftLastAccessTime.dwLowDateTime=0xb9c41ce0, ftLastAccessTime.dwHighDateTime=0x1d93619, ftLastWriteTime.dwLowDateTime=0xb9c41ce0, ftLastWriteTime.dwHighDateTime=0x1d93619, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JGs8", cAlternateFileName="翸")) returned 0 [0145.776] GetLastError () returned 0x12 [0145.776] GetLastError () returned 0x12 [0145.776] SetLastError (dwErrCode=0x12) [0145.776] FindClose (in: hFindFile=0x5c8f50 | out: hFindFile=0x5c8f50) returned 1 [0145.776] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2807db50, ftCreationTime.dwHighDateTime=0x1d930f3, ftLastAccessTime.dwLowDateTime=0x891ceab0, ftLastAccessTime.dwHighDateTime=0x1d933d3, ftLastWriteTime.dwLowDateTime=0x7ee9918a, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xb024, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="QQPwJf44SZ2yym1FzZ6q.gif", cAlternateFileName="QQPWJF~1.GIF")) returned 1 [0145.776] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.776] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.776] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.776] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.777] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\QQPwJf44SZ2yym1FzZ6q.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\qqpwjf44sz2yym1fzz6q.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.777] GetFileType (hFile=0x314) returned 0x1 [0145.777] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=45092) returned 1 [0145.777] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=45092) returned 1 [0145.777] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.777] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.778] CloseHandle (hObject=0x314) returned 1 [0145.778] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57693070, ftCreationTime.dwHighDateTime=0x1d92abc, ftLastAccessTime.dwLowDateTime=0x7ee8fa80, ftLastAccessTime.dwHighDateTime=0x1d92ac2, ftLastWriteTime.dwLowDateTime=0x7ef0c4f9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x128f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S2eTpaTNodEH.png", cAlternateFileName="S2ETPA~1.PNG")) returned 1 [0145.778] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.778] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.778] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.778] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.779] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\EhhsBihcckCr8IG\\S2eTpaTNodEH.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ehhsbihcckcr8ig\\s2etpatnodeh.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.779] GetFileType (hFile=0x314) returned 0x1 [0145.779] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=76016) returned 1 [0145.779] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=76016) returned 1 [0145.779] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.780] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.780] CloseHandle (hObject=0x314) returned 1 [0145.780] FindNextFileW (in: hFindFile=0x5c8ef0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.780] GetLastError () returned 0x12 [0145.780] GetLastError () returned 0x12 [0145.780] SetLastError (dwErrCode=0x12) [0145.780] FindClose (in: hFindFile=0x5c8ef0 | out: hFindFile=0x5c8ef0) returned 1 [0145.781] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7ec3740, ftCreationTime.dwHighDateTime=0x1d928cd, ftLastAccessTime.dwLowDateTime=0xd8f336a0, ftLastAccessTime.dwHighDateTime=0x1d932a9, ftLastWriteTime.dwLowDateTime=0x7ef31811, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xcc8e, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="H9kLrv3 mNT.png", cAlternateFileName="H9KLRV~1.PNG")) returned 1 [0145.781] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.781] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.781] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.781] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.781] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.781] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.781] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\H9kLrv3 mNT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\h9klrv3 mnt.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.781] GetFileType (hFile=0x290) returned 0x1 [0145.782] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=52366) returned 1 [0145.782] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=52366) returned 1 [0145.782] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.782] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.782] CloseHandle (hObject=0x290) returned 1 [0145.783] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962f7d70, ftCreationTime.dwHighDateTime=0x1d92772, ftLastAccessTime.dwLowDateTime=0x19f09020, ftLastAccessTime.dwHighDateTime=0x1d935bc, ftLastWriteTime.dwLowDateTime=0x7ef31811, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1ca73, dwReserved0=0x0, dwReserved1=0x0, cFileName="ikvCOG.jpg", cAlternateFileName="")) returned 1 [0145.783] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.783] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.783] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.783] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.783] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.783] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.783] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ikvCOG.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ikvcog.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.783] GetFileType (hFile=0x290) returned 0x1 [0145.784] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=117363) returned 1 [0145.784] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=117363) returned 1 [0145.784] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.784] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.784] CloseHandle (hObject=0x290) returned 1 [0145.785] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa707b4f0, ftCreationTime.dwHighDateTime=0x1d92ace, ftLastAccessTime.dwLowDateTime=0x8e6f6af0, ftLastAccessTime.dwHighDateTime=0x1d92c2c, ftLastWriteTime.dwLowDateTime=0x8e6f6af0, ftLastWriteTime.dwHighDateTime=0x1d92c2c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkqOdeK", cAlternateFileName="")) returned 1 [0145.785] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.785] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.785] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.785] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.785] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.785] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.785] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x159f230 [0145.786] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.786] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.786] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.786] FindNextFileW (in: hFindFile=0x159f230, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa707b4f0, ftCreationTime.dwHighDateTime=0x1d92ace, ftLastAccessTime.dwLowDateTime=0x8e6f6af0, ftLastAccessTime.dwHighDateTime=0x1d92c2c, ftLastWriteTime.dwLowDateTime=0x8e6f6af0, ftLastWriteTime.dwHighDateTime=0x1d92c2c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.786] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.786] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.787] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.787] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.787] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.787] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.787] FindNextFileW (in: hFindFile=0x159f230, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24e88760, ftCreationTime.dwHighDateTime=0x1d92c68, ftLastAccessTime.dwLowDateTime=0xcebc9390, ftLastAccessTime.dwHighDateTime=0x1d93239, ftLastWriteTime.dwLowDateTime=0x7ef571be, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16297, dwReserved0=0x0, dwReserved1=0x0, cFileName="LoRrpbPb3hyX.bmp", cAlternateFileName="LORRPB~1.BMP")) returned 1 [0145.787] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.787] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.787] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.787] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.787] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.787] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.788] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\LoRrpbPb3hyX.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\lorrpbpb3hyx.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.788] GetFileType (hFile=0x314) returned 0x1 [0145.788] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=90775) returned 1 [0145.788] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=90775) returned 1 [0145.788] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.788] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.789] CloseHandle (hObject=0x314) returned 1 [0145.789] FindNextFileW (in: hFindFile=0x159f230, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x218d2730, ftCreationTime.dwHighDateTime=0x1d929d2, ftLastAccessTime.dwLowDateTime=0xc614850, ftLastAccessTime.dwHighDateTime=0x1d933f0, ftLastWriteTime.dwLowDateTime=0x7ef7bd04, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x15a1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ogc4R89imU.gif", cAlternateFileName="OGC4R8~1.GIF")) returned 1 [0145.789] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.789] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.789] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.789] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.789] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.789] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.790] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\Ogc4R89imU.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\ogc4r89imu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.790] GetFileType (hFile=0x314) returned 0x1 [0145.790] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=88603) returned 1 [0145.790] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=88603) returned 1 [0145.790] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.790] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.791] CloseHandle (hObject=0x314) returned 1 [0145.791] FindNextFileW (in: hFindFile=0x159f230, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa492dc50, ftCreationTime.dwHighDateTime=0x1d9333d, ftLastAccessTime.dwLowDateTime=0xa5fa3fe0, ftLastAccessTime.dwHighDateTime=0x1d9357f, ftLastWriteTime.dwLowDateTime=0xa5fa3fe0, ftLastWriteTime.dwHighDateTime=0x1d9357f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SBhHtZEuj_zd1mmTI", cAlternateFileName="SBHHTZ~1")) returned 1 [0145.791] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.791] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.791] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.791] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.792] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\SBhHtZEuj_zd1mmTI\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\sbhhtzeuj_zd1mmti\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x159f110 [0145.792] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.792] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.792] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.792] FindNextFileW (in: hFindFile=0x159f110, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa492dc50, ftCreationTime.dwHighDateTime=0x1d9333d, ftLastAccessTime.dwLowDateTime=0xa5fa3fe0, ftLastAccessTime.dwHighDateTime=0x1d9357f, ftLastWriteTime.dwLowDateTime=0xa5fa3fe0, ftLastWriteTime.dwHighDateTime=0x1d9357f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.792] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.792] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.792] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.793] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.793] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.793] FindNextFileW (in: hFindFile=0x159f110, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a094900, ftCreationTime.dwHighDateTime=0x1d92671, ftLastAccessTime.dwLowDateTime=0xec454ee0, ftLastAccessTime.dwHighDateTime=0x1d92a6c, ftLastWriteTime.dwLowDateTime=0x7efa1eca, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x118b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="__S3.gif", cAlternateFileName="")) returned 1 [0145.793] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.793] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.793] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.793] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.793] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.793] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.793] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\pkqOdeK\\SBhHtZEuj_zd1mmTI\\__S3.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\pkqodek\\sbhhtzeuj_zd1mmti\\__s3.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.794] GetFileType (hFile=0x318) returned 0x1 [0145.794] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=71857) returned 1 [0145.794] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=71857) returned 1 [0145.794] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.794] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.794] CloseHandle (hObject=0x318) returned 1 [0145.795] FindNextFileW (in: hFindFile=0x159f110, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.795] GetLastError () returned 0x12 [0145.795] GetLastError () returned 0x12 [0145.795] SetLastError (dwErrCode=0x12) [0145.795] FindClose (in: hFindFile=0x159f110 | out: hFindFile=0x159f110) returned 1 [0145.795] FindNextFileW (in: hFindFile=0x159f230, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa492dc50, ftCreationTime.dwHighDateTime=0x1d9333d, ftLastAccessTime.dwLowDateTime=0xa5fa3fe0, ftLastAccessTime.dwHighDateTime=0x1d9357f, ftLastWriteTime.dwLowDateTime=0xa5fa3fe0, ftLastWriteTime.dwHighDateTime=0x1d9357f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SBhHtZEuj_zd1mmTI", cAlternateFileName="翸")) returned 0 [0145.795] GetLastError () returned 0x12 [0145.795] GetLastError () returned 0x12 [0145.795] SetLastError (dwErrCode=0x12) [0145.795] FindClose (in: hFindFile=0x159f230 | out: hFindFile=0x159f230) returned 1 [0145.795] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x25a9fa90, ftCreationTime.dwHighDateTime=0x1d92b13, ftLastAccessTime.dwLowDateTime=0x3ee6b7a0, ftLastAccessTime.dwHighDateTime=0x1d92df7, ftLastWriteTime.dwLowDateTime=0x3ee6b7a0, ftLastWriteTime.dwHighDateTime=0x1d92df7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="s3tdcFngvww9ooYMn", cAlternateFileName="S3TDCF~1")) returned 1 [0145.795] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.796] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.796] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.796] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.796] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.796] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.796] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x159f2f0 [0145.796] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.796] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.796] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.796] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.796] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.796] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.797] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x25a9fa90, ftCreationTime.dwHighDateTime=0x1d92b13, ftLastAccessTime.dwLowDateTime=0x3ee6b7a0, ftLastAccessTime.dwHighDateTime=0x1d92df7, ftLastWriteTime.dwLowDateTime=0x3ee6b7a0, ftLastWriteTime.dwHighDateTime=0x1d92df7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.797] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.797] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.797] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.797] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7c68de30, ftCreationTime.dwHighDateTime=0x1d93619, ftLastAccessTime.dwLowDateTime=0xba197260, ftLastAccessTime.dwHighDateTime=0x1d93625, ftLastWriteTime.dwLowDateTime=0x7efc8158, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x13749, dwReserved0=0x0, dwReserved1=0x0, cFileName="-WjqwOI4uBb8V.jpg", cAlternateFileName="-WJQWO~1.JPG")) returned 1 [0145.797] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.797] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.797] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.797] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.798] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\-WjqwOI4uBb8V.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\-wjqwoi4ubb8v.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.798] GetFileType (hFile=0x314) returned 0x1 [0145.798] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=79689) returned 1 [0145.798] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=79689) returned 1 [0145.798] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.798] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.799] CloseHandle (hObject=0x314) returned 1 [0145.799] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa146c600, ftCreationTime.dwHighDateTime=0x1d928b2, ftLastAccessTime.dwLowDateTime=0x5e72a90, ftLastAccessTime.dwHighDateTime=0x1d932dc, ftLastWriteTime.dwLowDateTime=0x5e72a90, ftLastWriteTime.dwHighDateTime=0x1d932dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4wJ3vQA", cAlternateFileName="")) returned 1 [0145.799] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.799] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.799] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.799] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.799] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.800] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.800] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x159edb0 [0145.800] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.800] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.800] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.800] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.800] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.800] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.800] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa146c600, ftCreationTime.dwHighDateTime=0x1d928b2, ftLastAccessTime.dwLowDateTime=0x5e72a90, ftLastAccessTime.dwHighDateTime=0x1d932dc, ftLastWriteTime.dwLowDateTime=0x5e72a90, ftLastWriteTime.dwHighDateTime=0x1d932dc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.800] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.800] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.801] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.801] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.801] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89303f0, ftCreationTime.dwHighDateTime=0x1d9322f, ftLastAccessTime.dwLowDateTime=0x14f96440, ftLastAccessTime.dwHighDateTime=0x1d932b8, ftLastWriteTime.dwLowDateTime=0x7efee4aa, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x193cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="bQzgCK.jpg", cAlternateFileName="")) returned 1 [0145.801] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.801] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.801] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.801] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.802] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\bQzgCK.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\bqzgck.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.802] GetFileType (hFile=0x318) returned 0x1 [0145.803] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=103372) returned 1 [0145.803] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=103372) returned 1 [0145.803] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.803] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.803] CloseHandle (hObject=0x318) returned 1 [0145.804] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3f52840, ftCreationTime.dwHighDateTime=0x1d92e52, ftLastAccessTime.dwLowDateTime=0x8d1864f0, ftLastAccessTime.dwHighDateTime=0x1d93257, ftLastWriteTime.dwLowDateTime=0x7f01464e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x17664, dwReserved0=0x0, dwReserved1=0x0, cFileName="FaNivGNUHSksG.gif", cAlternateFileName="FANIVG~1.GIF")) returned 1 [0145.804] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.804] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.804] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.804] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.804] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\FaNivGNUHSksG.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\fanivgnuhsksg.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.805] GetFileType (hFile=0x318) returned 0x1 [0145.805] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=95844) returned 1 [0145.805] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=95844) returned 1 [0145.805] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.805] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.805] CloseHandle (hObject=0x318) returned 1 [0145.806] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10a57f10, ftCreationTime.dwHighDateTime=0x1d931ea, ftLastAccessTime.dwLowDateTime=0x7801b3d0, ftLastAccessTime.dwHighDateTime=0x1d934b6, ftLastWriteTime.dwLowDateTime=0x7f03a848, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x186a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="jezQ-IVycZrs-.bmp", cAlternateFileName="JEZQ-I~1.BMP")) returned 1 [0145.806] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.806] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.806] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.806] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.806] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.806] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.806] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\jezQ-IVycZrs-.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\jezq-ivyczrs-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.807] GetFileType (hFile=0x318) returned 0x1 [0145.807] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=100005) returned 1 [0145.807] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=100005) returned 1 [0145.807] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.807] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.826] CloseHandle (hObject=0x318) returned 1 [0145.826] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7a98250, ftCreationTime.dwHighDateTime=0x1d928a1, ftLastAccessTime.dwLowDateTime=0x1ccafed0, ftLastAccessTime.dwHighDateTime=0x1d92fb2, ftLastWriteTime.dwLowDateTime=0x7f060ae0, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x179f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7 0zS.png", cAlternateFileName="M70ZS~1.PNG")) returned 1 [0145.826] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.826] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.827] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.827] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.827] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.827] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.827] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\M7 0zS.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\m7 0zs.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.827] GetFileType (hFile=0x318) returned 0x1 [0145.827] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=96753) returned 1 [0145.828] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=96753) returned 1 [0145.828] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.828] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.830] CloseHandle (hObject=0x318) returned 1 [0145.830] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a792b80, ftCreationTime.dwHighDateTime=0x1d9360c, ftLastAccessTime.dwLowDateTime=0x64a02ea0, ftLastAccessTime.dwHighDateTime=0x1d93616, ftLastWriteTime.dwLowDateTime=0x7f0873dc, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x14545, dwReserved0=0x0, dwReserved1=0x0, cFileName="oT_jQHzD6FkulT1Y.gif", cAlternateFileName="OT_JQH~1.GIF")) returned 1 [0145.830] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.830] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.830] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.830] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.830] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.830] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.830] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\4wJ3vQA\\oT_jQHzD6FkulT1Y.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\4wj3vqa\\ot_jqhzd6fkult1y.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.831] GetFileType (hFile=0x318) returned 0x1 [0145.831] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=83269) returned 1 [0145.831] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=83269) returned 1 [0145.831] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.831] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.832] CloseHandle (hObject=0x318) returned 1 [0145.832] FindNextFileW (in: hFindFile=0x159edb0, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.832] GetLastError () returned 0x12 [0145.832] GetLastError () returned 0x12 [0145.832] SetLastError (dwErrCode=0x12) [0145.832] FindClose (in: hFindFile=0x159edb0 | out: hFindFile=0x159edb0) returned 1 [0145.832] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1f3a4c0, ftCreationTime.dwHighDateTime=0x1d92ccb, ftLastAccessTime.dwLowDateTime=0xf30b8c60, ftLastAccessTime.dwHighDateTime=0x1d92e97, ftLastWriteTime.dwLowDateTime=0x7f0873dc, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xa060, dwReserved0=0x0, dwReserved1=0x0, cFileName="5iJsNnxngia9PWK-bt_D.bmp", cAlternateFileName="5IJSNN~1.BMP")) returned 1 [0145.832] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.832] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.833] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.833] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.833] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.834] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\5iJsNnxngia9PWK-bt_D.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\5ijsnnxngia9pwk-bt_d.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.834] GetFileType (hFile=0x314) returned 0x1 [0145.834] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=41056) returned 1 [0145.834] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=41056) returned 1 [0145.834] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.834] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.835] CloseHandle (hObject=0x314) returned 1 [0145.835] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8960a0c0, ftCreationTime.dwHighDateTime=0x1d9354f, ftLastAccessTime.dwLowDateTime=0xaa4f2ad0, ftLastAccessTime.dwHighDateTime=0x1d9356e, ftLastWriteTime.dwLowDateTime=0xaa4f2ad0, ftLastWriteTime.dwHighDateTime=0x1d9356e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="60hPj", cAlternateFileName="")) returned 1 [0145.835] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.835] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.835] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.835] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.835] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.835] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.836] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbc810, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbc810) returned 0x159eb70 [0145.836] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.836] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.836] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.836] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.836] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.836] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.836] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8960a0c0, ftCreationTime.dwHighDateTime=0x1d9354f, ftLastAccessTime.dwLowDateTime=0xaa4f2ad0, ftLastAccessTime.dwHighDateTime=0x1d9356e, ftLastWriteTime.dwLowDateTime=0xaa4f2ad0, ftLastWriteTime.dwHighDateTime=0x1d9356e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.836] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.836] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.837] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.837] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.837] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82ffc3b0, ftCreationTime.dwHighDateTime=0x1d933b4, ftLastAccessTime.dwLowDateTime=0xfc3c1580, ftLastAccessTime.dwHighDateTime=0x1d93567, ftLastWriteTime.dwLowDateTime=0x7f0f9310, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xc92d, dwReserved0=0x0, dwReserved1=0x0, cFileName="0i-BfxeBoDoclU3m-.bmp", cAlternateFileName="0I-BFX~1.BMP")) returned 1 [0145.837] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.837] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.837] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.837] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.838] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\0i-BfxeBoDoclU3m-.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\0i-bfxebodoclu3m-.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.838] GetFileType (hFile=0x318) returned 0x1 [0145.838] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=51501) returned 1 [0145.838] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=51501) returned 1 [0145.838] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.838] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.839] CloseHandle (hObject=0x318) returned 1 [0145.839] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93cdb4d0, ftCreationTime.dwHighDateTime=0x1d93027, ftLastAccessTime.dwLowDateTime=0x6532d120, ftLastAccessTime.dwHighDateTime=0x1d930c5, ftLastWriteTime.dwLowDateTime=0x7f11fb77, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x94d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="G1KIWWVd xjOl4J I-dX.jpg", cAlternateFileName="G1KIWW~1.JPG")) returned 1 [0145.839] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.839] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.839] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.839] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.839] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.839] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.840] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\G1KIWWVd xjOl4J I-dX.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\g1kiwwvd xjol4j i-dx.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.840] GetFileType (hFile=0x318) returned 0x1 [0145.840] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=38096) returned 1 [0145.840] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=38096) returned 1 [0145.840] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.840] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.841] CloseHandle (hObject=0x318) returned 1 [0145.841] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa4b1f0, ftCreationTime.dwHighDateTime=0x1d92d65, ftLastAccessTime.dwLowDateTime=0x5df876f0, ftLastAccessTime.dwHighDateTime=0x1d932ee, ftLastWriteTime.dwLowDateTime=0x7f145955, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xcd1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OQZhyhRrm5gu.gif", cAlternateFileName="OQZHYH~1.GIF")) returned 1 [0145.841] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.841] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.841] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.841] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.841] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.841] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.842] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\OQZhyhRrm5gu.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\oqzhyhrrm5gu.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.842] GetFileType (hFile=0x318) returned 0x1 [0145.842] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=52508) returned 1 [0145.842] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=52508) returned 1 [0145.842] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.842] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.843] CloseHandle (hObject=0x318) returned 1 [0145.843] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dae6c50, ftCreationTime.dwHighDateTime=0x1d932b8, ftLastAccessTime.dwLowDateTime=0xa4fd3b50, ftLastAccessTime.dwHighDateTime=0x1d93508, ftLastWriteTime.dwLowDateTime=0x7f145955, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x105f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XpUr.gif", cAlternateFileName="")) returned 1 [0145.843] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.843] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.843] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.843] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.844] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\XpUr.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\xpur.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.844] GetFileType (hFile=0x318) returned 0x1 [0145.844] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=67060) returned 1 [0145.844] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=67060) returned 1 [0145.844] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.844] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.845] CloseHandle (hObject=0x318) returned 1 [0145.845] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda182480, ftCreationTime.dwHighDateTime=0x1d925f9, ftLastAccessTime.dwLowDateTime=0xdd7e6410, ftLastAccessTime.dwHighDateTime=0x1d92674, ftLastWriteTime.dwLowDateTime=0x7f22a698, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x199ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="zEVmASXzrNvdV1gT-HkQ.gif", cAlternateFileName="ZEVMAS~1.GIF")) returned 1 [0145.845] FileTimeToSystemTime (in: lpFileTime=0xcbc814, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.845] FileTimeToSystemTime (in: lpFileTime=0xcbc81c, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.845] FileTimeToSystemTime (in: lpFileTime=0xcbc824, lpSystemTime=0xcbc7b0 | out: lpSystemTime=0xcbc7b0) returned 1 [0145.845] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbc7b0, lpLocalTime=0xcbc7a0 | out: lpLocalTime=0xcbc7a0) returned 1 [0145.846] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\60hPj\\zEVmASXzrNvdV1gT-HkQ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\60hpj\\zevmasxzrnvdv1gt-hkq.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb26e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x318 [0145.846] GetFileType (hFile=0x318) returned 0x1 [0145.846] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb2878*=104940) returned 1 [0145.846] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2828, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb2828*=104940) returned 1 [0145.846] SetFilePointerEx (in: hFile=0x318, liDistanceToMove=0x0, lpNewFilePointer=0xcb2878, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb2878*=0) returned 1 [0145.846] ReadFile (in: hFile=0x318, lpBuffer=0xcb2a30, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb27e8, lpOverlapped=0x0 | out: lpBuffer=0xcb2a30*, lpNumberOfBytesRead=0xcb27e8*=0x5000, lpOverlapped=0x0) returned 1 [0145.847] CloseHandle (hObject=0x318) returned 1 [0145.847] FindNextFileW (in: hFindFile=0x159eb70, lpFindFileData=0xcbc810 | out: lpFindFileData=0xcbc810*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.847] GetLastError () returned 0x12 [0145.847] GetLastError () returned 0x12 [0145.847] SetLastError (dwErrCode=0x12) [0145.847] FindClose (in: hFindFile=0x159eb70 | out: hFindFile=0x159eb70) returned 1 [0145.847] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x523962e0, ftCreationTime.dwHighDateTime=0x1d932f1, ftLastAccessTime.dwLowDateTime=0x45272a00, ftLastAccessTime.dwHighDateTime=0x1d93338, ftLastWriteTime.dwLowDateTime=0x7f22a698, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x71c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="85SciJrMWEx8uK.bmp", cAlternateFileName="85SCIJ~1.BMP")) returned 1 [0145.847] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.847] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.847] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.848] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.848] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.848] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.848] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\85SciJrMWEx8uK.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\85scijrmwex8uk.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.848] GetFileType (hFile=0x314) returned 0x1 [0145.849] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=29120) returned 1 [0145.849] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=29120) returned 1 [0145.849] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.849] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.849] CloseHandle (hObject=0x314) returned 1 [0145.850] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7eccd40, ftCreationTime.dwHighDateTime=0x1d935e3, ftLastAccessTime.dwLowDateTime=0x753b93d0, ftLastAccessTime.dwHighDateTime=0x1d93607, ftLastWriteTime.dwLowDateTime=0x7f2521ec, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x63a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aWf4X0dmD13O.jpg", cAlternateFileName="AWF4X0~1.JPG")) returned 1 [0145.850] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.850] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.850] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.850] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.850] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.850] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.850] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\aWf4X0dmD13O.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\awf4x0dmd13o.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.850] GetFileType (hFile=0x314) returned 0x1 [0145.851] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=25504) returned 1 [0145.851] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=25504) returned 1 [0145.851] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.851] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.851] CloseHandle (hObject=0x314) returned 1 [0145.852] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4ea87b0, ftCreationTime.dwHighDateTime=0x1d933b0, ftLastAccessTime.dwLowDateTime=0x40154050, ftLastAccessTime.dwHighDateTime=0x1d933fc, ftLastWriteTime.dwLowDateTime=0x7f29cd4e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1d212, dwReserved0=0x0, dwReserved1=0x0, cFileName="BiT3GPRXCpn.bmp", cAlternateFileName="BIT3GP~1.BMP")) returned 1 [0145.852] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.852] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.852] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.852] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.852] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.852] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.852] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\BiT3GPRXCpn.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\bit3gprxcpn.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.852] GetFileType (hFile=0x314) returned 0x1 [0145.852] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=119314) returned 1 [0145.853] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=119314) returned 1 [0145.853] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.853] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.853] CloseHandle (hObject=0x314) returned 1 [0145.854] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73c7bcf0, ftCreationTime.dwHighDateTime=0x1d9307f, ftLastAccessTime.dwLowDateTime=0x32005f60, ftLastAccessTime.dwHighDateTime=0x1d93120, ftLastWriteTime.dwLowDateTime=0x7f2c3282, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1029d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NMRVXijqDWuZSGmsqvb.png", cAlternateFileName="NMRVXI~1.PNG")) returned 1 [0145.854] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.854] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.854] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.854] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.854] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.854] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.854] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\s3tdcFngvww9ooYMn\\NMRVXijqDWuZSGmsqvb.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\s3tdcfngvww9ooymn\\nmrvxijqdwuzsgmsqvb.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.855] GetFileType (hFile=0x314) returned 0x1 [0145.855] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=66205) returned 1 [0145.855] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=66205) returned 1 [0145.855] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.855] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.855] CloseHandle (hObject=0x314) returned 1 [0145.856] FindNextFileW (in: hFindFile=0x159f2f0, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.856] GetLastError () returned 0x12 [0145.856] GetLastError () returned 0x12 [0145.856] SetLastError (dwErrCode=0x12) [0145.856] FindClose (in: hFindFile=0x159f2f0 | out: hFindFile=0x159f2f0) returned 1 [0145.856] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0145.856] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.856] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.856] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.856] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.856] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.856] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.857] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x159f050 [0145.857] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.857] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.857] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.857] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.857] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.857] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.857] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.857] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.857] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.858] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.858] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.858] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x7f2e90b1, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x51c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.858] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.858] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.858] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.858] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.859] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.859] GetFileType (hFile=0x314) returned 0x1 [0145.859] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=20928) returned 1 [0145.859] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=20928) returned 1 [0145.859] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.859] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.901] CloseHandle (hObject=0x314) returned 1 [0145.901] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.902] GetLastError () returned 0x12 [0145.902] GetLastError () returned 0x12 [0145.902] SetLastError (dwErrCode=0x12) [0145.902] FindClose (in: hFindFile=0x159f050 | out: hFindFile=0x159f050) returned 1 [0145.902] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x612f43b0, ftCreationTime.dwHighDateTime=0x1d92e27, ftLastAccessTime.dwLowDateTime=0xbf0df060, ftLastAccessTime.dwHighDateTime=0x1d9307c, ftLastWriteTime.dwLowDateTime=0xbf0df060, ftLastWriteTime.dwHighDateTime=0x1d9307c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="vRF7wRGj7", cAlternateFileName="VRF7WR~1")) returned 1 [0145.902] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.902] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.902] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.902] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.902] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.902] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.902] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vRF7wRGj7\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vrf7wrgj7\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd100, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd100) returned 0x159f530 [0145.903] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.903] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.903] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.903] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.903] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.903] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.903] FindNextFileW (in: hFindFile=0x159f530, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x612f43b0, ftCreationTime.dwHighDateTime=0x1d92e27, ftLastAccessTime.dwLowDateTime=0xbf0df060, ftLastAccessTime.dwHighDateTime=0x1d9307c, ftLastWriteTime.dwLowDateTime=0xbf0df060, ftLastWriteTime.dwHighDateTime=0x1d9307c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.903] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.903] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.903] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.903] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.903] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.903] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.904] FindNextFileW (in: hFindFile=0x159f530, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdea78c90, ftCreationTime.dwHighDateTime=0x1d92f4d, ftLastAccessTime.dwLowDateTime=0x5707d4c0, ftLastAccessTime.dwHighDateTime=0x1d9324a, ftLastWriteTime.dwLowDateTime=0x7f399c14, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x159e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="1p9Ew2bGHhhJcLgW.gif", cAlternateFileName="1P9EW2~1.GIF")) returned 1 [0145.904] FileTimeToSystemTime (in: lpFileTime=0xcbd104, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.904] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.904] FileTimeToSystemTime (in: lpFileTime=0xcbd10c, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.904] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.904] FileTimeToSystemTime (in: lpFileTime=0xcbd114, lpSystemTime=0xcbd0a0 | out: lpSystemTime=0xcbd0a0) returned 1 [0145.904] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd0a0, lpLocalTime=0xcbd090 | out: lpLocalTime=0xcbd090) returned 1 [0145.904] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\vRF7wRGj7\\1p9Ew2bGHhhJcLgW.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\vrf7wrgj7\\1p9ew2bghhhjclgw.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb2fd8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x314 [0145.904] GetFileType (hFile=0x314) returned 0x1 [0145.905] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3168*=88548) returned 1 [0145.905] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3118, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3118*=88548) returned 1 [0145.905] SetFilePointerEx (in: hFile=0x314, liDistanceToMove=0x0, lpNewFilePointer=0xcb3168, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3168*=0) returned 1 [0145.905] ReadFile (in: hFile=0x314, lpBuffer=0xcb3320, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb30d8, lpOverlapped=0x0 | out: lpBuffer=0xcb3320*, lpNumberOfBytesRead=0xcb30d8*=0x5000, lpOverlapped=0x0) returned 1 [0145.905] CloseHandle (hObject=0x314) returned 1 [0145.906] FindNextFileW (in: hFindFile=0x159f530, lpFindFileData=0xcbd100 | out: lpFindFileData=0xcbd100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.906] GetLastError () returned 0x12 [0145.906] GetLastError () returned 0x12 [0145.906] SetLastError (dwErrCode=0x12) [0145.906] FindClose (in: hFindFile=0x159f530 | out: hFindFile=0x159f530) returned 1 [0145.906] FindNextFileW (in: hFindFile=0x5c8dd0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x612f43b0, ftCreationTime.dwHighDateTime=0x1d92e27, ftLastAccessTime.dwLowDateTime=0xbf0df060, ftLastAccessTime.dwHighDateTime=0x1d9307c, ftLastWriteTime.dwLowDateTime=0xbf0df060, ftLastWriteTime.dwHighDateTime=0x1d9307c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="vRF7wRGj7", cAlternateFileName="翸")) returned 0 [0145.906] GetLastError () returned 0x12 [0145.906] GetLastError () returned 0x12 [0145.906] SetLastError (dwErrCode=0x12) [0145.906] FindClose (in: hFindFile=0x5c8dd0 | out: hFindFile=0x5c8dd0) returned 1 [0145.906] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0145.906] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.906] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.907] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.907] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.907] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.907] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.907] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\PrintHood\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\printhood\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.907] GetLastError () returned 0x5 [0145.907] GetLastError () returned 0x5 [0145.907] SetLastError (dwErrCode=0x5) [0145.907] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Recent", cAlternateFileName="")) returned 1 [0145.907] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.907] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.907] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.907] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.907] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.908] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.908] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Recent\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\recent\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.908] GetLastError () returned 0x5 [0145.908] GetLastError () returned 0x5 [0145.908] SetLastError (dwErrCode=0x5) [0145.908] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0145.908] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.908] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.908] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.908] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.908] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.908] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.908] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x159f350 [0145.909] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.909] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.909] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.909] FindNextFileW (in: hFindFile=0x159f350, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="..", cAlternateFileName="")) returned 1 [0145.909] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.909] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.909] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.909] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.910] FindNextFileW (in: hFindFile=0x159f350, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7f3e63bb, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5220, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.910] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.910] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.910] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.910] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.910] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.910] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.910] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.910] GetFileType (hFile=0x290) returned 0x1 [0145.910] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21024) returned 1 [0145.911] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21024) returned 1 [0145.911] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.911] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.912] CloseHandle (hObject=0x290) returned 1 [0145.912] FindNextFileW (in: hFindFile=0x159f350, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.912] GetLastError () returned 0x12 [0145.912] GetLastError () returned 0x12 [0145.912] SetLastError (dwErrCode=0x12) [0145.912] FindClose (in: hFindFile=0x159f350 | out: hFindFile=0x159f350) returned 1 [0145.912] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Searches", cAlternateFileName="")) returned 1 [0145.912] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.912] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.912] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.913] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.913] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x159f050 [0145.913] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.913] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.913] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.913] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.913] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.914] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.914] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.914] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.914] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7f40c5d9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5310, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0145.914] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.914] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.914] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.914] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.915] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.915] GetFileType (hFile=0x290) returned 0x1 [0145.915] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21264) returned 1 [0145.915] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21264) returned 1 [0145.915] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.915] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.916] CloseHandle (hObject=0x290) returned 1 [0145.916] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0145.916] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.916] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.916] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.916] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.917] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.917] GetLastError () returned 0x5 [0145.917] GetLastError () returned 0x5 [0145.917] SetLastError (dwErrCode=0x5) [0145.917] GetLastError () returned 0x5 [0145.917] SetLastError (dwErrCode=0x5) [0145.917] GetLastError () returned 0x5 [0145.917] SetLastError (dwErrCode=0x5) [0145.917] GetLastError () returned 0x5 [0145.918] SetLastError (dwErrCode=0x5) [0145.918] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0145.918] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.918] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.918] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.918] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.918] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.918] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.918] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.918] GetLastError () returned 0x5 [0145.918] GetLastError () returned 0x5 [0145.919] SetLastError (dwErrCode=0x5) [0145.919] GetLastError () returned 0x5 [0145.919] SetLastError (dwErrCode=0x5) [0145.919] GetLastError () returned 0x5 [0145.919] SetLastError (dwErrCode=0x5) [0145.919] GetLastError () returned 0x5 [0145.919] SetLastError (dwErrCode=0x5) [0145.919] FindNextFileW (in: hFindFile=0x159f050, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.919] GetLastError () returned 0x12 [0145.919] GetLastError () returned 0x12 [0145.919] SetLastError (dwErrCode=0x12) [0145.919] FindClose (in: hFindFile=0x159f050 | out: hFindFile=0x159f050) returned 1 [0145.919] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="SendTo", cAlternateFileName="")) returned 1 [0145.919] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.919] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.920] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.920] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.920] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\SendTo\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\sendto\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.920] GetLastError () returned 0x5 [0145.920] GetLastError () returned 0x5 [0145.920] SetLastError (dwErrCode=0x5) [0145.920] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0145.920] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.920] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.920] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.920] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.921] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Start Menu\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\start menu\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.921] GetLastError () returned 0x5 [0145.921] GetLastError () returned 0x5 [0145.921] SetLastError (dwErrCode=0x5) [0145.921] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0145.921] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.921] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.921] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.921] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.921] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.921] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.921] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Templates\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\templates\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0xffffffffffffffff [0145.921] GetLastError () returned 0x5 [0145.921] GetLastError () returned 0x5 [0145.922] SetLastError (dwErrCode=0x5) [0145.922] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1aee205, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1aee205, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Videos", cAlternateFileName="")) returned 1 [0145.922] FileTimeToSystemTime (in: lpFileTime=0xcbe2e4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.922] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.922] FileTimeToSystemTime (in: lpFileTime=0xcbe2ec, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.922] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.922] FileTimeToSystemTime (in: lpFileTime=0xcbe2f4, lpSystemTime=0xcbe280 | out: lpSystemTime=0xcbe280) returned 1 [0145.922] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbe280, lpLocalTime=0xcbe270 | out: lpLocalTime=0xcbe270) returned 1 [0145.922] FindFirstFileExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\*.*" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\*.*"), fInfoLevelId=0x0, lpFindFileData=0xcbd9f0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x0 | out: lpFindFileData=0xcbd9f0) returned 0x159eab0 [0145.922] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.922] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.922] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.922] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.923] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.923] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1aee205, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1aee205, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.923] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.923] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.923] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.923] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x913acd0, ftCreationTime.dwHighDateTime=0x1d9266f, ftLastAccessTime.dwLowDateTime=0x8b1a3a90, ftLastAccessTime.dwHighDateTime=0x1d93381, ftLastWriteTime.dwLowDateTime=0x7f45a060, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xc875, dwReserved0=0x0, dwReserved1=0x0, cFileName="20JqE Cm5e6wvbNcfi.flv", cAlternateFileName="20JQEC~1.FLV")) returned 1 [0145.923] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.923] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.923] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.924] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.924] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.924] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\20JqE Cm5e6wvbNcfi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\20jqe cm5e6wvbncfi.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.924] GetFileType (hFile=0x290) returned 0x1 [0145.924] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=51317) returned 1 [0145.924] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=51317) returned 1 [0145.925] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.925] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.925] CloseHandle (hObject=0x290) returned 1 [0145.925] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4d36d0, ftCreationTime.dwHighDateTime=0x1d925d8, ftLastAccessTime.dwLowDateTime=0x57feaf0, ftLastAccessTime.dwHighDateTime=0x1d92c52, ftLastWriteTime.dwLowDateTime=0x7f47ef7e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xfd54, dwReserved0=0x0, dwReserved1=0x0, cFileName="450j6K2lEvQhK3n.avi", cAlternateFileName="450J6K~1.AVI")) returned 1 [0145.925] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.925] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.926] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.926] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.926] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.926] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.926] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\450j6K2lEvQhK3n.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\450j6k2levqhk3n.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.926] GetFileType (hFile=0x290) returned 0x1 [0145.927] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=64852) returned 1 [0145.927] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=64852) returned 1 [0145.927] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.927] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.929] CloseHandle (hObject=0x290) returned 1 [0145.929] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2c3b3e0, ftCreationTime.dwHighDateTime=0x1d92f19, ftLastAccessTime.dwLowDateTime=0x41de72b0, ftLastAccessTime.dwHighDateTime=0x1d9346c, ftLastWriteTime.dwLowDateTime=0x7f4a5021, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x19d6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5KrU43Tq4lU3ovL.swf", cAlternateFileName="5KRU43~1.SWF")) returned 1 [0145.929] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.930] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.930] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.930] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.930] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\5KrU43Tq4lU3ovL.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\5kru43tq4lu3ovl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.930] GetFileType (hFile=0x290) returned 0x1 [0145.930] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=105839) returned 1 [0145.931] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=105839) returned 1 [0145.931] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.931] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.931] CloseHandle (hObject=0x290) returned 1 [0145.931] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaa138c0, ftCreationTime.dwHighDateTime=0x1d92adc, ftLastAccessTime.dwLowDateTime=0xa6c9fd20, ftLastAccessTime.dwHighDateTime=0x1d92b25, ftLastWriteTime.dwLowDateTime=0x7f4cb8de, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x12e73, dwReserved0=0x0, dwReserved1=0x0, cFileName="6h1ZcPvX-.avi", cAlternateFileName="6H1ZCP~1.AVI")) returned 1 [0145.931] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.932] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.932] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.932] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.932] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.932] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.932] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\6h1ZcPvX-.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\6h1zcpvx-.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.932] GetFileType (hFile=0x290) returned 0x1 [0145.932] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=77427) returned 1 [0145.933] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=77427) returned 1 [0145.933] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.933] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0145.933] CloseHandle (hObject=0x290) returned 1 [0145.933] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf5f3460, ftCreationTime.dwHighDateTime=0x1d9328f, ftLastAccessTime.dwLowDateTime=0xecf41bf0, ftLastAccessTime.dwHighDateTime=0x1d93471, ftLastWriteTime.dwLowDateTime=0x7f517927, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xa1e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="6xGdnFO5Q_.mp4", cAlternateFileName="6XGDNF~1.MP4")) returned 1 [0145.933] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.934] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.934] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.934] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.934] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0145.934] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0145.934] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\6xGdnFO5Q_.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\6xgdnfo5q_.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0145.934] GetFileType (hFile=0x290) returned 0x1 [0145.934] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=41444) returned 1 [0145.935] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=41444) returned 1 [0145.935] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0145.935] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.007] CloseHandle (hObject=0x290) returned 1 [0146.008] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x724b1470, ftCreationTime.dwHighDateTime=0x1d92f81, ftLastAccessTime.dwLowDateTime=0xb9e25070, ftLastAccessTime.dwHighDateTime=0x1d933ee, ftLastWriteTime.dwLowDateTime=0x7f53de54, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x10dfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="aoyCAw5Qajftw0RqZ.mkv", cAlternateFileName="AOYCAW~1.MKV")) returned 1 [0146.008] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.009] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.009] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.009] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.009] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.009] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.010] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\aoyCAw5Qajftw0RqZ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\aoycaw5qajftw0rqz.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.012] GetFileType (hFile=0x290) returned 0x1 [0146.012] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=69117) returned 1 [0146.013] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=69117) returned 1 [0146.013] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.014] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.015] CloseHandle (hObject=0x290) returned 1 [0146.015] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc12ac2e0, ftCreationTime.dwHighDateTime=0x1d9325e, ftLastAccessTime.dwLowDateTime=0x2f71e30, ftLastAccessTime.dwHighDateTime=0x1d9360b, ftLastWriteTime.dwLowDateTime=0x7f589ee3, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1d488, dwReserved0=0x0, dwReserved1=0x0, cFileName="auWbn4Aenq.mp4", cAlternateFileName="AUWBN4~1.MP4")) returned 1 [0146.015] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.015] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.016] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.016] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.016] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.016] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.016] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\auWbn4Aenq.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\auwbn4aenq.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.016] GetFileType (hFile=0x290) returned 0x1 [0146.016] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=119944) returned 1 [0146.017] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=119944) returned 1 [0146.017] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.017] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.017] CloseHandle (hObject=0x290) returned 1 [0146.018] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1fb820, ftCreationTime.dwHighDateTime=0x1d93144, ftLastAccessTime.dwLowDateTime=0x793ee2b0, ftLastAccessTime.dwHighDateTime=0x1d9338d, ftLastWriteTime.dwLowDateTime=0x7f5fc5e2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xd9f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="cFQCAjt-9.avi", cAlternateFileName="CFQCAJ~1.AVI")) returned 1 [0146.018] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.018] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.018] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.018] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.018] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.018] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.018] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\cFQCAjt-9.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\cfqcajt-9.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.019] GetFileType (hFile=0x290) returned 0x1 [0146.019] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=55794) returned 1 [0146.019] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=55794) returned 1 [0146.019] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.019] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.020] CloseHandle (hObject=0x290) returned 1 [0146.020] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7caa20, ftCreationTime.dwHighDateTime=0x1d935d0, ftLastAccessTime.dwLowDateTime=0xac33ce40, ftLastAccessTime.dwHighDateTime=0x1d935fb, ftLastWriteTime.dwLowDateTime=0x7f6227b7, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xf916, dwReserved0=0x0, dwReserved1=0x0, cFileName="CLdzw536TG.mp4", cAlternateFileName="CLDZW5~1.MP4")) returned 1 [0146.020] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.020] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.021] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.021] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.021] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.021] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.022] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\CLdzw536TG.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\cldzw536tg.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.022] GetFileType (hFile=0x290) returned 0x1 [0146.022] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=63766) returned 1 [0146.022] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=63766) returned 1 [0146.022] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.022] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.023] CloseHandle (hObject=0x290) returned 1 [0146.023] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98d38680, ftCreationTime.dwHighDateTime=0x1d926d1, ftLastAccessTime.dwLowDateTime=0xdf1464e0, ftLastAccessTime.dwHighDateTime=0x1d9343f, ftLastWriteTime.dwLowDateTime=0x7f649add, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x117b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="CXrX4S7HWEbBL.swf", cAlternateFileName="CXRX4S~1.SWF")) returned 1 [0146.023] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.023] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.023] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.023] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.023] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.024] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.024] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\CXrX4S7HWEbBL.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\cxrx4s7hwebbl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.024] GetFileType (hFile=0x290) returned 0x1 [0146.024] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=71601) returned 1 [0146.024] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=71601) returned 1 [0146.024] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.025] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.025] CloseHandle (hObject=0x290) returned 1 [0146.025] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7f66ebfe, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5300, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0146.025] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.025] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.025] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.026] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.026] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.026] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.026] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.026] GetFileType (hFile=0x290) returned 0x1 [0146.026] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=21248) returned 1 [0146.026] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=21248) returned 1 [0146.027] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.027] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.027] CloseHandle (hObject=0x290) returned 1 [0146.028] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x30051800, ftCreationTime.dwHighDateTime=0x1d934b7, ftLastAccessTime.dwLowDateTime=0x77157a90, ftLastAccessTime.dwHighDateTime=0x1d93620, ftLastWriteTime.dwLowDateTime=0x7f6954e8, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x9a50, dwReserved0=0x0, dwReserved1=0x0, cFileName="dOhOXBSwvqLZkoH9xQ.swf", cAlternateFileName="DOHOXB~1.SWF")) returned 1 [0146.028] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.028] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.028] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.028] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.028] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.028] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.028] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dOhOXBSwvqLZkoH9xQ.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\dohoxbswvqlzkoh9xq.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.028] GetFileType (hFile=0x290) returned 0x1 [0146.029] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=39504) returned 1 [0146.029] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=39504) returned 1 [0146.029] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.029] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.031] CloseHandle (hObject=0x290) returned 1 [0146.031] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb704b00, ftCreationTime.dwHighDateTime=0x1d92d59, ftLastAccessTime.dwLowDateTime=0x159080a0, ftLastAccessTime.dwHighDateTime=0x1d935d8, ftLastWriteTime.dwLowDateTime=0x7f6bb14e, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1752c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DXvT6A.swf", cAlternateFileName="")) returned 1 [0146.031] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.031] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.031] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.031] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.031] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.031] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.032] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\DXvT6A.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\dxvt6a.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.032] GetFileType (hFile=0x290) returned 0x1 [0146.032] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=95532) returned 1 [0146.032] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=95532) returned 1 [0146.032] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.032] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.033] CloseHandle (hObject=0x290) returned 1 [0146.033] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3332d90, ftCreationTime.dwHighDateTime=0x1d92610, ftLastAccessTime.dwLowDateTime=0x6987b900, ftLastAccessTime.dwHighDateTime=0x1d92f28, ftLastWriteTime.dwLowDateTime=0x7f6e13b9, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x16afc, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_kC7XGuuJT.mp4", cAlternateFileName="D_KC7X~1.MP4")) returned 1 [0146.033] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.033] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.034] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.034] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.034] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.034] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.034] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\D_kC7XGuuJT.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\d_kc7xguujt.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.034] GetFileType (hFile=0x290) returned 0x1 [0146.034] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=92924) returned 1 [0146.035] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=92924) returned 1 [0146.035] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.035] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.035] CloseHandle (hObject=0x290) returned 1 [0146.036] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5dc6aa30, ftCreationTime.dwHighDateTime=0x1d92beb, ftLastAccessTime.dwLowDateTime=0x1d0f8390, ftLastAccessTime.dwHighDateTime=0x1d92e8e, ftLastWriteTime.dwLowDateTime=0x7f707598, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5be0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FLXxvVNl.swf", cAlternateFileName="")) returned 1 [0146.036] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.036] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.037] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.037] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.037] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.037] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.037] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\FLXxvVNl.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\flxxvvnl.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.038] GetFileType (hFile=0x290) returned 0x1 [0146.038] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=23520) returned 1 [0146.038] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=23520) returned 1 [0146.038] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.038] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.039] CloseHandle (hObject=0x290) returned 1 [0146.039] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef1e4a50, ftCreationTime.dwHighDateTime=0x1d92b2e, ftLastAccessTime.dwLowDateTime=0x3e3fb280, ftLastAccessTime.dwHighDateTime=0x1d935a8, ftLastWriteTime.dwLowDateTime=0x7f707598, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xb354, dwReserved0=0x0, dwReserved1=0x0, cFileName="i3QToQLiB.mkv", cAlternateFileName="I3QTOQ~1.MKV")) returned 1 [0146.039] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.039] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.039] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.039] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.039] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.039] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.040] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\i3QToQLiB.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\i3qtoqlib.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.040] GetFileType (hFile=0x290) returned 0x1 [0146.040] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=45908) returned 1 [0146.040] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=45908) returned 1 [0146.040] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.040] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.041] CloseHandle (hObject=0x290) returned 1 [0146.041] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfea92210, ftCreationTime.dwHighDateTime=0x1d932ef, ftLastAccessTime.dwLowDateTime=0x6ed45240, ftLastAccessTime.dwHighDateTime=0x1d93529, ftLastWriteTime.dwLowDateTime=0x7f72d7fe, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1508b, dwReserved0=0x0, dwReserved1=0x0, cFileName="L8br.swf", cAlternateFileName="")) returned 1 [0146.041] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.041] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.041] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.041] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.041] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.041] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.042] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\L8br.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\l8br.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.042] GetFileType (hFile=0x290) returned 0x1 [0146.042] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=86155) returned 1 [0146.042] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=86155) returned 1 [0146.042] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.042] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.087] CloseHandle (hObject=0x290) returned 1 [0146.087] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa066c250, ftCreationTime.dwHighDateTime=0x1d92a8b, ftLastAccessTime.dwLowDateTime=0x74a550b0, ftLastAccessTime.dwHighDateTime=0x1d92dd7, ftLastWriteTime.dwLowDateTime=0x7f753e4b, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x6d50, dwReserved0=0x0, dwReserved1=0x0, cFileName="m6XkSaeR.avi", cAlternateFileName="")) returned 1 [0146.087] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.087] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.087] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.087] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.088] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.088] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.088] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\m6XkSaeR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\m6xksaer.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.088] GetFileType (hFile=0x290) returned 0x1 [0146.088] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=27984) returned 1 [0146.088] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=27984) returned 1 [0146.089] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.089] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.089] CloseHandle (hObject=0x290) returned 1 [0146.089] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf1830a0, ftCreationTime.dwHighDateTime=0x1d92cd3, ftLastAccessTime.dwLowDateTime=0x897dd1d0, ftLastAccessTime.dwHighDateTime=0x1d930d2, ftLastWriteTime.dwLowDateTime=0x7f779cf6, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x17995, dwReserved0=0x0, dwReserved1=0x0, cFileName="Nfz8xn.flv", cAlternateFileName="")) returned 1 [0146.090] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.090] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.090] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.090] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.090] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.090] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.090] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Nfz8xn.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\nfz8xn.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.090] GetFileType (hFile=0x290) returned 0x1 [0146.091] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=96661) returned 1 [0146.091] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=96661) returned 1 [0146.091] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.091] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.091] CloseHandle (hObject=0x290) returned 1 [0146.092] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86077f80, ftCreationTime.dwHighDateTime=0x1d9296e, ftLastAccessTime.dwLowDateTime=0x95b2cfd0, ftLastAccessTime.dwHighDateTime=0x1d930e8, ftLastWriteTime.dwLowDateTime=0x7f79feec, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0xe5cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="qv8vJ_2.flv", cAlternateFileName="")) returned 1 [0146.092] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.092] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.092] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.092] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.092] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.092] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.092] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\qv8vJ_2.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\qv8vj_2.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.093] GetFileType (hFile=0x290) returned 0x1 [0146.093] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=58829) returned 1 [0146.093] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=58829) returned 1 [0146.093] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.093] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.094] CloseHandle (hObject=0x290) returned 1 [0146.094] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbcc4dd0, ftCreationTime.dwHighDateTime=0x1d92b83, ftLastAccessTime.dwLowDateTime=0xb7d5f640, ftLastAccessTime.dwHighDateTime=0x1d92dba, ftLastWriteTime.dwLowDateTime=0x7f7ec3f2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x5920, dwReserved0=0x0, dwReserved1=0x0, cFileName="r4 aP8m.mp4", cAlternateFileName="R4AP8M~1.MP4")) returned 1 [0146.094] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.094] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.094] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.094] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.094] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.094] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.095] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\r4 aP8m.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\r4 ap8m.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.095] GetFileType (hFile=0x290) returned 0x1 [0146.095] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=22816) returned 1 [0146.095] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=22816) returned 1 [0146.095] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.095] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.096] CloseHandle (hObject=0x290) returned 1 [0146.096] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca767330, ftCreationTime.dwHighDateTime=0x1d9339e, ftLastAccessTime.dwLowDateTime=0xf9e5b570, ftLastAccessTime.dwHighDateTime=0x1d933d2, ftLastWriteTime.dwLowDateTime=0x7f7ec3f2, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x60e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RtNwIB-43m.swf", cAlternateFileName="RTNWIB~1.SWF")) returned 1 [0146.096] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.096] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.096] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.096] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.097] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\RtNwIB-43m.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\rtnwib-43m.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.097] GetFileType (hFile=0x290) returned 0x1 [0146.097] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=24800) returned 1 [0146.097] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=24800) returned 1 [0146.097] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.098] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.098] CloseHandle (hObject=0x290) returned 1 [0146.098] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce4f54f0, ftCreationTime.dwHighDateTime=0x1d92bb9, ftLastAccessTime.dwLowDateTime=0x23dc44d0, ftLastAccessTime.dwHighDateTime=0x1d93008, ftLastWriteTime.dwLowDateTime=0x7f812c2a, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1cb21, dwReserved0=0x0, dwReserved1=0x0, cFileName="rx_L5.mkv", cAlternateFileName="")) returned 1 [0146.098] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.098] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.099] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.099] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.099] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.099] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.100] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\rx_L5.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\rx_l5.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.100] GetFileType (hFile=0x290) returned 0x1 [0146.100] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=117537) returned 1 [0146.100] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=117537) returned 1 [0146.100] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.100] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.101] CloseHandle (hObject=0x290) returned 1 [0146.101] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2e20860, ftCreationTime.dwHighDateTime=0x1d930db, ftLastAccessTime.dwLowDateTime=0xae2698d0, ftLastAccessTime.dwHighDateTime=0x1d93593, ftLastWriteTime.dwLowDateTime=0x7f838aa7, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1684e, dwReserved0=0x0, dwReserved1=0x0, cFileName="sb8Hk69e2bii.mkv", cAlternateFileName="SB8HK6~1.MKV")) returned 1 [0146.101] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.101] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.101] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.101] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.101] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.101] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.102] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\sb8Hk69e2bii.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\sb8hk69e2bii.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.102] GetFileType (hFile=0x290) returned 0x1 [0146.102] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=92238) returned 1 [0146.102] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=92238) returned 1 [0146.102] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.102] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.103] CloseHandle (hObject=0x290) returned 1 [0146.103] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x304e39b0, ftCreationTime.dwHighDateTime=0x1d92b19, ftLastAccessTime.dwLowDateTime=0xd9dea160, ftLastAccessTime.dwHighDateTime=0x1d92f22, ftLastWriteTime.dwLowDateTime=0x7f96d0cf, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x17a9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="selU_KIo.avi", cAlternateFileName="")) returned 1 [0146.103] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.103] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.103] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.103] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.103] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.103] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.104] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\selU_KIo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\selu_kio.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.104] GetFileType (hFile=0x290) returned 0x1 [0146.104] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=96925) returned 1 [0146.104] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=96925) returned 1 [0146.104] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.104] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.105] CloseHandle (hObject=0x290) returned 1 [0146.105] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7363fa0, ftCreationTime.dwHighDateTime=0x1d9301e, ftLastAccessTime.dwLowDateTime=0x54a2c80, ftLastAccessTime.dwHighDateTime=0x1d93206, ftLastWriteTime.dwLowDateTime=0x7f990479, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x13ce1, dwReserved0=0x0, dwReserved1=0x0, cFileName="SVaiBlmdG1piqxMJ1.swf", cAlternateFileName="SVAIBL~1.SWF")) returned 1 [0146.105] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.105] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.105] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.105] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.105] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.106] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.106] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\SVaiBlmdG1piqxMJ1.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\svaiblmdg1piqxmj1.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.106] GetFileType (hFile=0x290) returned 0x1 [0146.106] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=81121) returned 1 [0146.106] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=81121) returned 1 [0146.106] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.107] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.107] CloseHandle (hObject=0x290) returned 1 [0146.107] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b124ae0, ftCreationTime.dwHighDateTime=0x1d9361e, ftLastAccessTime.dwLowDateTime=0xb3898960, ftLastAccessTime.dwHighDateTime=0x1d93627, ftLastWriteTime.dwLowDateTime=0x7fa0243b, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x13db4, dwReserved0=0x0, dwReserved1=0x0, cFileName="w1eNTJHkZu7fh3.flv", cAlternateFileName="W1ENTJ~1.FLV")) returned 1 [0146.107] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.107] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.107] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.107] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.107] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.108] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.108] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\w1eNTJHkZu7fh3.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\w1entjhkzu7fh3.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.108] GetFileType (hFile=0x290) returned 0x1 [0146.108] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=81332) returned 1 [0146.108] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=81332) returned 1 [0146.108] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.109] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.109] CloseHandle (hObject=0x290) returned 1 [0146.109] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7c75830, ftCreationTime.dwHighDateTime=0x1d92944, ftLastAccessTime.dwLowDateTime=0x80514530, ftLastAccessTime.dwHighDateTime=0x1d93517, ftLastWriteTime.dwLowDateTime=0x7fa0243b, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x98b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wax 7.mp4", cAlternateFileName="WAX7~1.MP4")) returned 1 [0146.109] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.109] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.109] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.109] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.109] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.110] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.110] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Wax 7.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\wax 7.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.110] GetFileType (hFile=0x290) returned 0x1 [0146.110] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=39088) returned 1 [0146.110] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=39088) returned 1 [0146.110] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.111] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.111] CloseHandle (hObject=0x290) returned 1 [0146.111] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf15325d0, ftCreationTime.dwHighDateTime=0x1d9313b, ftLastAccessTime.dwLowDateTime=0xf1127f00, ftLastAccessTime.dwHighDateTime=0x1d9321a, ftLastWriteTime.dwLowDateTime=0x7fa29957, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x1740b, dwReserved0=0x0, dwReserved1=0x0, cFileName="zUyYqWvMI4.flv", cAlternateFileName="ZUYYQW~1.FLV")) returned 1 [0146.111] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.111] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.111] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.112] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.112] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.112] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.112] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\zUyYqWvMI4.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\zuyyqwvmi4.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.112] GetFileType (hFile=0x290) returned 0x1 [0146.112] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=95243) returned 1 [0146.112] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=95243) returned 1 [0146.113] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.113] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.113] CloseHandle (hObject=0x290) returned 1 [0146.113] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x476668a0, ftCreationTime.dwHighDateTime=0x1d92c06, ftLastAccessTime.dwLowDateTime=0x62061e60, ftLastAccessTime.dwHighDateTime=0x1d92f69, ftLastWriteTime.dwLowDateTime=0x7fa4e967, ftLastWriteTime.dwHighDateTime=0x1d947a8, nFileSizeHigh=0x0, nFileSizeLow=0x83a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_93Ekpde.swf", cAlternateFileName="")) returned 1 [0146.113] FileTimeToSystemTime (in: lpFileTime=0xcbd9f4, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.113] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.114] FileTimeToSystemTime (in: lpFileTime=0xcbd9fc, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.114] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.114] FileTimeToSystemTime (in: lpFileTime=0xcbda04, lpSystemTime=0xcbd990 | out: lpSystemTime=0xcbd990) returned 1 [0146.114] SystemTimeToTzSpecificLocalTime (in: lpTimeZoneInformation=0x0, lpUniversalTime=0xcbd990, lpLocalTime=0xcbd980 | out: lpLocalTime=0xcbd980) returned 1 [0146.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\_93Ekpde.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\_93ekpde.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0xcb38c8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x290 [0146.115] GetFileType (hFile=0x290) returned 0x1 [0146.115] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x2 | out: lpNewFilePointer=0xcb3a58*=33696) returned 1 [0146.115] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a08, dwMoveMethod=0x1 | out: lpNewFilePointer=0xcb3a08*=33696) returned 1 [0146.115] SetFilePointerEx (in: hFile=0x290, liDistanceToMove=0x0, lpNewFilePointer=0xcb3a58, dwMoveMethod=0x0 | out: lpNewFilePointer=0xcb3a58*=0) returned 1 [0146.115] ReadFile (in: hFile=0x290, lpBuffer=0xcb3c10, nNumberOfBytesToRead=0x5000, lpNumberOfBytesRead=0xcb39c8, lpOverlapped=0x0 | out: lpBuffer=0xcb3c10*, lpNumberOfBytesRead=0xcb39c8*=0x5000, lpOverlapped=0x0) returned 1 [0146.116] CloseHandle (hObject=0x290) returned 1 [0146.116] FindNextFileW (in: hFindFile=0x159eab0, lpFindFileData=0xcbd9f0 | out: lpFindFileData=0xcbd9f0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.116] GetLastError () returned 0x12 [0146.116] GetLastError () returned 0x12 [0146.116] SetLastError (dwErrCode=0x12) [0146.116] FindClose (in: hFindFile=0x159eab0 | out: hFindFile=0x159eab0) returned 1 [0146.117] FindNextFileW (in: hFindFile=0x5d02c0, lpFindFileData=0xcbe2e0 | out: lpFindFileData=0xcbe2e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xe1aee205, ftLastAccessTime.dwHighDateTime=0x1d93631, ftLastWriteTime.dwLowDateTime=0xe1aee205, ftLastWriteTime.dwHighDateTime=0x1d93631, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x5c0058, cFileName="Videos", cAlternateFileName="翸")) returned 0 [0146.117] GetLastError () returned 0x12 [0146.117] GetLastError () returned 0x12 [0146.117] SetLastError (dwErrCode=0x12) [0146.117] FindClose (in: hFindFile=0x5d02c0 | out: hFindFile=0x5d02c0) returned 1 [0146.117] FindNextFileW (in: hFindFile=0x5d0740, lpFindFileData=0xcbebd0 | out: lpFindFileData=0xcbebd0*(dwFileAttributes=0x3a0043, ftCreationTime.dwLowDateTime=0x55005c, ftCreationTime.dwHighDateTime=0x650073, ftLastAccessTime.dwLowDateTime=0x730072, ftLastAccessTime.dwHighDateTime=0x52005c, ftLastWriteTime.dwLowDateTime=0x680044, ftLastWriteTime.dwHighDateTime=0x30004a, nFileSizeHigh=0x4e0043, nFileSizeLow=0x650046, dwReserved0=0x7a0076, dwReserved1=0x5c0058, cFileName="Videos\\", cAlternateFileName="翸")) returned 0 [0146.117] GetLastError () returned 0x12 [0146.117] GetLastError () returned 0x12 [0146.117] SetLastError (dwErrCode=0x12) [0146.117] FindClose (in: hFindFile=0x5d0740 | out: hFindFile=0x5d0740) returned 1 [0146.118] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5c4190 | out: hHeap=0x5c0000) returned 1 [0146.118] HeapFree (in: hHeap=0x5c0000, dwFlags=0x0, lpMem=0x5ec0e0 | out: hHeap=0x5c0000) returned 1 Thread: id = 426 os_tid = 0x13e0 [0144.685] GetLastError () returned 0x57 [0144.685] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5c8790 [0144.685] SetLastError (dwErrCode=0x57) [0144.685] GetLastError () returned 0x57 [0144.685] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x5eae00 [0144.685] SetLastError (dwErrCode=0x57) Thread: id = 427 os_tid = 0x13e4 [0144.870] GetLastError () returned 0x57 [0144.870] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f32c0 [0144.870] SetLastError (dwErrCode=0x57) [0144.870] GetLastError () returned 0x57 [0144.870] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x5fd1d0 [0144.871] SetLastError (dwErrCode=0x57) Thread: id = 428 os_tid = 0x13e8 [0144.938] GetLastError () returned 0x57 [0144.938] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f38f0 [0144.938] SetLastError (dwErrCode=0x57) [0144.938] GetLastError () returned 0x57 [0144.939] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x615540 [0144.939] SetLastError (dwErrCode=0x57) Thread: id = 429 os_tid = 0x13ec [0145.152] GetLastError () returned 0x57 [0145.152] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f3980 [0145.152] SetLastError (dwErrCode=0x57) [0145.152] GetLastError () returned 0x57 [0145.152] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x5f0f80 [0145.152] SetLastError (dwErrCode=0x57) Thread: id = 430 os_tid = 0x13f0 [0145.251] GetLastError () returned 0x57 [0145.251] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f3a10 [0145.251] SetLastError (dwErrCode=0x57) [0145.251] GetLastError () returned 0x57 [0145.251] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x614970 [0145.251] SetLastError (dwErrCode=0x57) Thread: id = 431 os_tid = 0x13f4 [0145.260] GetLastError () returned 0x57 [0145.260] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f3aa0 [0145.260] SetLastError (dwErrCode=0x57) [0145.260] GetLastError () returned 0x57 [0145.260] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x62a7e0 [0145.261] SetLastError (dwErrCode=0x57) Thread: id = 432 os_tid = 0x13f8 [0145.328] GetLastError () returned 0x57 [0145.328] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f3b30 [0145.328] SetLastError (dwErrCode=0x57) [0145.328] GetLastError () returned 0x57 [0145.328] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x6638f0 [0145.328] SetLastError (dwErrCode=0x57) Thread: id = 433 os_tid = 0x13fc [0145.424] GetLastError () returned 0x57 [0145.424] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x80) returned 0x5f3ce0 [0145.424] SetLastError (dwErrCode=0x57) [0145.424] GetLastError () returned 0x57 [0145.424] RtlAllocateHeap (HeapHandle=0x5c0000, Flags=0x8, Size=0x3c8) returned 0x66c5a0 [0145.424] SetLastError (dwErrCode=0x57) Process: id = "22" image_name = "backgroundtransferhost.exe" filename = "c:\\windows\\system32\\backgroundtransferhost.exe" page_root = "0x7bcd1000" os_pid = "0x1078" os_integrity_level = "0x1000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x274" cmd_line = "\"BackgroundTransferHost.exe\" -ServerName:BackgroundTransferHost.1" cur_dir = "C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3169 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3170 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3171 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3172 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3173 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 3174 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3175 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3176 start_va = 0x7df5ffe60000 end_va = 0x7ff5ffe5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffe60000" filename = "" Region: id = 3177 start_va = 0x7ff7d3920000 end_va = 0x7ff7d3942fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7d3920000" filename = "" Region: id = 3178 start_va = 0x7ff7d43d0000 end_va = 0x7ff7d43dcfff monitored = 0 entry_point = 0x7ff7d43d27b0 region_type = mapped_file name = "backgroundtransferhost.exe" filename = "\\Windows\\System32\\BackgroundTransferHost.exe" (normalized: "c:\\windows\\system32\\backgroundtransferhost.exe") Region: id = 3179 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3180 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep") Region: id = 3181 start_va = 0x400000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3182 start_va = 0x550000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3183 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 3184 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3185 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3186 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3187 start_va = 0x7ff7d3820000 end_va = 0x7ff7d391ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff7d3820000" filename = "" Region: id = 3188 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3189 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3190 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3191 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 3192 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3193 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3194 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3195 start_va = 0x700000 end_va = 0x8b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 3196 start_va = 0x8c0000 end_va = 0xabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 3197 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 3198 start_va = 0x700000 end_va = 0x7dcfff monitored = 0 entry_point = 0x75e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3199 start_va = 0x8b0000 end_va = 0x8b6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 3200 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3201 start_va = 0x1c0000 end_va = 0x1edfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 3202 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3203 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 3204 start_va = 0x7ff8ff260000 end_va = 0x7ff8ff35ffff monitored = 0 entry_point = 0x7ff8ff2a0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 3205 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3206 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3207 start_va = 0x7ff8fb240000 end_va = 0x7ff8fb375fff monitored = 0 entry_point = 0x7ff8fb26f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 3208 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3209 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3210 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3211 start_va = 0x500000 end_va = 0x538fff monitored = 0 entry_point = 0x5012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3212 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 3213 start_va = 0x7ff901e30000 end_va = 0x7ff901e6afff monitored = 0 entry_point = 0x7ff901e312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3214 start_va = 0xf0000 end_va = 0xf0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 3215 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 3216 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 3217 start_va = 0xb90000 end_va = 0x1f8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 3219 start_va = 0x1f90000 end_va = 0x206cfff monitored = 0 entry_point = 0x1fee0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3220 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 3221 start_va = 0x1f90000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f90000" filename = "" Region: id = 3222 start_va = 0x2010000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 3223 start_va = 0x2110000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 3225 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3226 start_va = 0x7ff8fc470000 end_va = 0x7ff8fc57dfff monitored = 0 entry_point = 0x7ff8fc4beaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 3227 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 3228 start_va = 0x7ff8fab70000 end_va = 0x7ff8faba2fff monitored = 0 entry_point = 0x7ff8fab7d5a0 region_type = mapped_file name = "biwinrt.dll" filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll") Region: id = 3229 start_va = 0x2190000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 3230 start_va = 0x7ff8e7d80000 end_va = 0x7ff8e7e5ffff monitored = 0 entry_point = 0x7ff8e7da5580 region_type = mapped_file name = "windows.networking.backgroundtransfer.dll" filename = "\\Windows\\System32\\Windows.Networking.BackgroundTransfer.dll" (normalized: "c:\\windows\\system32\\windows.networking.backgroundtransfer.dll") Region: id = 3231 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3232 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3233 start_va = 0x7ff8f3630000 end_va = 0x7ff8f363afff monitored = 0 entry_point = 0x7ff8f3631e70 region_type = mapped_file name = "systemeventsbrokerclient.dll" filename = "\\Windows\\System32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll") Region: id = 3234 start_va = 0x7ff8f5fa0000 end_va = 0x7ff8f622dfff monitored = 0 entry_point = 0x7ff8f6070f00 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 3235 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3236 start_va = 0x7ff900420000 end_va = 0x7ff90044cfff monitored = 0 entry_point = 0x7ff900439d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 3237 start_va = 0x7ff8faeb0000 end_va = 0x7ff8fb231fff monitored = 0 entry_point = 0x7ff8faf01220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 3238 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3239 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3240 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3241 start_va = 0x2210000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 3242 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3243 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3247 start_va = 0x2290000 end_va = 0x25c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3248 start_va = 0x7ff8ffea0000 end_va = 0x7ff8ffebefff monitored = 0 entry_point = 0x7ff8ffea5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 3249 start_va = 0x7ff8f3eb0000 end_va = 0x7ff8f3ec4fff monitored = 0 entry_point = 0x7ff8f3eb5740 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 3251 start_va = 0x7ff8ffc30000 end_va = 0x7ff8ffc60fff monitored = 0 entry_point = 0x7ff8ffc37d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3252 start_va = 0x7ff9024a0000 end_va = 0x7ff9039fefff monitored = 0 entry_point = 0x7ff9026011f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 3253 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3254 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3255 start_va = 0x25d0000 end_va = 0x2712fff monitored = 0 entry_point = 0x25f8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3256 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 3257 start_va = 0x520000 end_va = 0x520fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000520000" filename = "" Region: id = 3261 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 3262 start_va = 0x5d0000 end_va = 0x5d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 3265 start_va = 0x25d0000 end_va = 0x264ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025d0000" filename = "" Region: id = 3267 start_va = 0x7ff8fec90000 end_va = 0x7ff8fee15fff monitored = 0 entry_point = 0x7ff8fecdd700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 3268 start_va = 0x7ff8f9340000 end_va = 0x7ff8f93edfff monitored = 0 entry_point = 0x7ff8f93580c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 3273 start_va = 0x7ff8f6d60000 end_va = 0x7ff8f6f17fff monitored = 0 entry_point = 0x7ff8f6dce630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 3274 start_va = 0x7ff901f80000 end_va = 0x7ff9020c2fff monitored = 0 entry_point = 0x7ff901fa8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3275 start_va = 0x7ff8ff0c0000 end_va = 0x7ff8ff155fff monitored = 0 entry_point = 0x7ff8ff0e5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 3276 start_va = 0x2650000 end_va = 0x2696fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002650000" filename = "" Region: id = 3277 start_va = 0x26a0000 end_va = 0x289ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 3278 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 3281 start_va = 0x7ff902270000 end_va = 0x7ff9023c9fff monitored = 0 entry_point = 0x7ff9022b38e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3282 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3283 start_va = 0x2800000 end_va = 0x28bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 3284 start_va = 0x5e0000 end_va = 0x5e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 3285 start_va = 0x7ff8fe710000 end_va = 0x7ff8fe731fff monitored = 0 entry_point = 0x7ff8fe711a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 3286 start_va = 0x7ff8eefc0000 end_va = 0x7ff8eefcdfff monitored = 0 entry_point = 0x7ff8eefc4c60 region_type = mapped_file name = "tokenbinding.dll" filename = "\\Windows\\System32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll") Region: id = 3287 start_va = 0x7ff902180000 end_va = 0x7ff9021eafff monitored = 0 entry_point = 0x7ff9021990c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3288 start_va = 0x7ff8f80a0000 end_va = 0x7ff8f80b4fff monitored = 0 entry_point = 0x7ff8f80a2dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 3289 start_va = 0x7ff8f96d0000 end_va = 0x7ff8f9707fff monitored = 0 entry_point = 0x7ff8f96e8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3290 start_va = 0x7ff8f9760000 end_va = 0x7ff8f9827fff monitored = 0 entry_point = 0x7ff8f97a13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3291 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 3292 start_va = 0x7ff902250000 end_va = 0x7ff902257fff monitored = 0 entry_point = 0x7ff902251ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3293 start_va = 0x7ff8ff1b0000 end_va = 0x7ff8ff259fff monitored = 0 entry_point = 0x7ff8ff1d7910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3294 start_va = 0x890000 end_va = 0x89ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 3295 start_va = 0x28c0000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028c0000" filename = "" Region: id = 3296 start_va = 0x7ff900010000 end_va = 0x7ff90006bfff monitored = 0 entry_point = 0x7ff900026f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 3297 start_va = 0x7ff8f90b0000 end_va = 0x7ff8f90bafff monitored = 0 entry_point = 0x7ff8f90b1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3298 start_va = 0x2940000 end_va = 0x29bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 3301 start_va = 0x7ff8f8fe0000 end_va = 0x7ff8f9046fff monitored = 0 entry_point = 0x7ff8f8fe63e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3302 start_va = 0x7ff8f7780000 end_va = 0x7ff8f7789fff monitored = 0 entry_point = 0x7ff8f77814c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 3303 start_va = 0x8a0000 end_va = 0x8a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 3304 start_va = 0x8c0000 end_va = 0x8c9fff monitored = 0 entry_point = 0x8c15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3305 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3306 start_va = 0x8c0000 end_va = 0x8c9fff monitored = 0 entry_point = 0x8c15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3307 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3308 start_va = 0x8c0000 end_va = 0x8c9fff monitored = 0 entry_point = 0x8c15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3309 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3310 start_va = 0x8c0000 end_va = 0x8c9fff monitored = 0 entry_point = 0x8c15c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\System32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll") Region: id = 3311 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\System32\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshqos.dll.mui") Region: id = 3312 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 3313 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 3314 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 3315 start_va = 0x7ff8ffc90000 end_va = 0x7ff8ffd09fff monitored = 0 entry_point = 0x7ff8ffcb1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 3316 start_va = 0x8c0000 end_va = 0x8c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 3317 start_va = 0x7ff8eee40000 end_va = 0x7ff8eee53fff monitored = 0 entry_point = 0x7ff8eee43710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 3318 start_va = 0x7ff9002b0000 end_va = 0x7ff9002d6fff monitored = 0 entry_point = 0x7ff9002c0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 3319 start_va = 0x7ff900270000 end_va = 0x7ff9002a9fff monitored = 0 entry_point = 0x7ff900278d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 3320 start_va = 0x7ff8eeef0000 end_va = 0x7ff8eef0dfff monitored = 0 entry_point = 0x7ff8eeefef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 3321 start_va = 0x7ff8ffd90000 end_va = 0x7ff8ffd99fff monitored = 0 entry_point = 0x7ff8ffd91830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 3322 start_va = 0x7ff9009a0000 end_va = 0x7ff9009f4fff monitored = 0 entry_point = 0x7ff9009b7970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 3323 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3324 start_va = 0x7ff8ffd50000 end_va = 0x7ff8ffd83fff monitored = 0 entry_point = 0x7ff8ffd6ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3325 start_va = 0x7ff9001e0000 end_va = 0x7ff9001eafff monitored = 0 entry_point = 0x7ff9001e19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3326 start_va = 0x29c0000 end_va = 0x2a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029c0000" filename = "" Region: id = 3327 start_va = 0x2a40000 end_va = 0x2c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a40000" filename = "" Region: id = 3328 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 3329 start_va = 0x8c0000 end_va = 0x8c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 3330 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 3331 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 3332 start_va = 0x8d0000 end_va = 0x8d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 3333 start_va = 0x2c00000 end_va = 0x2dd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 3334 start_va = 0x2de0000 end_va = 0x2fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002de0000" filename = "" Region: id = 3335 start_va = 0x2e00000 end_va = 0x2efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e00000" filename = "" Region: id = 3336 start_va = 0x2c00000 end_va = 0x2d00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c00000" filename = "" Region: id = 3337 start_va = 0x2dd0000 end_va = 0x2dd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002dd0000" filename = "" Region: id = 3338 start_va = 0x2f00000 end_va = 0x2ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f00000" filename = "" Region: id = 3339 start_va = 0x3000000 end_va = 0x3100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 3340 start_va = 0x3110000 end_va = 0x3210fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 3341 start_va = 0x3000000 end_va = 0x3100fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003000000" filename = "" Region: id = 3342 start_va = 0x3220000 end_va = 0x341ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003220000" filename = "" Region: id = 3343 start_va = 0x3300000 end_va = 0x33fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003300000" filename = "" Region: id = 3344 start_va = 0x2c00000 end_va = 0x2cdffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 3345 start_va = 0x7ff8fdcd0000 end_va = 0x7ff8fdd6bfff monitored = 0 entry_point = 0x7ff8fdd296a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 3346 start_va = 0x7ff8f55e0000 end_va = 0x7ff8f562ffff monitored = 0 entry_point = 0x7ff8f55e2580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Thread: id = 446 os_tid = 0x1038 Thread: id = 447 os_tid = 0x1034 Thread: id = 448 os_tid = 0x1024 Thread: id = 449 os_tid = 0x102c Thread: id = 450 os_tid = 0x1030 Thread: id = 452 os_tid = 0x1040 Thread: id = 453 os_tid = 0x1080 Thread: id = 455 os_tid = 0x1084 Thread: id = 456 os_tid = 0x1070 Thread: id = 457 os_tid = 0x1068 Thread: id = 458 os_tid = 0x1064 Thread: id = 459 os_tid = 0x1060 Process: id = "23" image_name = "installagent.exe" filename = "c:\\windows\\system32\\installagent.exe" page_root = "0x66300000" os_pid = "0x10d0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\System32\\InstallAgent.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f229" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 3445 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 3446 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3447 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 3448 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 3449 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 3450 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 3451 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3452 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3453 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 3454 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 3455 start_va = 0x7ff70a150000 end_va = 0x7ff70a185fff monitored = 0 entry_point = 0x7ff70a1710e0 region_type = mapped_file name = "installagent.exe" filename = "\\Windows\\System32\\InstallAgent.exe" (normalized: "c:\\windows\\system32\\installagent.exe") Region: id = 3456 start_va = 0x7ff904120000 end_va = 0x7ff9042e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3457 start_va = 0x400000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3458 start_va = 0x7ff901c50000 end_va = 0x7ff901cfcfff monitored = 0 entry_point = 0x7ff901c681a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3459 start_va = 0x7ff901280000 end_va = 0x7ff901467fff monitored = 0 entry_point = 0x7ff9012aba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3460 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3461 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 3462 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3463 start_va = 0x7ff901e70000 end_va = 0x7ff901f0cfff monitored = 0 entry_point = 0x7ff901e778a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3464 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 3465 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 3466 start_va = 0x620000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 3467 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3468 start_va = 0x7ff9018c0000 end_va = 0x7ff901b3cfff monitored = 0 entry_point = 0x7ff901994970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 3469 start_va = 0x7ff903ea0000 end_va = 0x7ff903fbbfff monitored = 0 entry_point = 0x7ff903ee02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3470 start_va = 0x7ff901160000 end_va = 0x7ff9011c9fff monitored = 0 entry_point = 0x7ff901196d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 3471 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 3472 start_va = 0x620000 end_va = 0x6fcfff monitored = 0 entry_point = 0x67e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3473 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 3474 start_va = 0x7ff9007c0000 end_va = 0x7ff9007cefff monitored = 0 entry_point = 0x7ff9007c3210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 3475 start_va = 0x7ff903fc0000 end_va = 0x7ff904115fff monitored = 0 entry_point = 0x7ff903fca8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3476 start_va = 0x7ff901730000 end_va = 0x7ff9018b5fff monitored = 0 entry_point = 0x7ff90177ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3477 start_va = 0x480000 end_va = 0x4b8fff monitored = 0 entry_point = 0x4812f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3478 start_va = 0x620000 end_va = 0x7a7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 3479 start_va = 0x7ff901e30000 end_va = 0x7ff901e6afff monitored = 0 entry_point = 0x7ff901e312f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3480 start_va = 0x820000 end_va = 0x9a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 3481 start_va = 0x9b0000 end_va = 0x1daffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009b0000" filename = "" Region: id = 3482 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 3483 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 3484 start_va = 0x7ff901b40000 end_va = 0x7ff901b9afff monitored = 0 entry_point = 0x7ff901b538b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3485 start_va = 0x7ff900a50000 end_va = 0x7ff900b04fff monitored = 0 entry_point = 0x7ff900a922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 3486 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3487 start_va = 0x7ff9020d0000 end_va = 0x7ff902176fff monitored = 0 entry_point = 0x7ff9020db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3488 start_va = 0x1db0000 end_va = 0x1e8cfff monitored = 0 entry_point = 0x1e0e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 3489 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3490 start_va = 0x1db0000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 3491 start_va = 0x1e30000 end_va = 0x1eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e30000" filename = "" Region: id = 3493 start_va = 0x500000 end_va = 0x501fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3494 start_va = 0x1eb0000 end_va = 0x1f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001eb0000" filename = "" Region: id = 3495 start_va = 0x7ff8fee70000 end_va = 0x7ff8fee7cfff monitored = 0 entry_point = 0x7ff8fee745e0 region_type = mapped_file name = "eamprogresshandler.dll" filename = "\\Windows\\System32\\EAMProgressHandler.dll" (normalized: "c:\\windows\\system32\\eamprogresshandler.dll") Region: id = 3496 start_va = 0x7ff8e7970000 end_va = 0x7ff8e79dafff monitored = 0 entry_point = 0x7ff8e7972670 region_type = mapped_file name = "dmenrollengine.dll" filename = "\\Windows\\System32\\dmenrollengine.dll" (normalized: "c:\\windows\\system32\\dmenrollengine.dll") Region: id = 3497 start_va = 0x7ff8fee50000 end_va = 0x7ff8fee6afff monitored = 0 entry_point = 0x7ff8fee5cdf0 region_type = mapped_file name = "omadmapi.dll" filename = "\\Windows\\System32\\omadmapi.dll" (normalized: "c:\\windows\\system32\\omadmapi.dll") Region: id = 3499 start_va = 0x7ff9007d0000 end_va = 0x7ff900996fff monitored = 0 entry_point = 0x7ff90082db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 3500 start_va = 0x7ff9007b0000 end_va = 0x7ff9007bffff monitored = 0 entry_point = 0x7ff9007b56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 3501 start_va = 0x7ff9023d0000 end_va = 0x7ff902490fff monitored = 0 entry_point = 0x7ff9023f0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3502 start_va = 0x7ff8fabb0000 end_va = 0x7ff8fac41fff monitored = 0 entry_point = 0x7ff8fabfa780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 3503 start_va = 0x7ff9005d0000 end_va = 0x7ff9005f8fff monitored = 0 entry_point = 0x7ff9005e4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3504 start_va = 0x7ff9002b0000 end_va = 0x7ff9002d6fff monitored = 0 entry_point = 0x7ff9002c0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 3505 start_va = 0x7ff8f9760000 end_va = 0x7ff8f9827fff monitored = 0 entry_point = 0x7ff8f97a13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 3506 start_va = 0x7ff8ff160000 end_va = 0x7ff8ff186fff monitored = 0 entry_point = 0x7ff8ff167940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 3507 start_va = 0x7ff900a00000 end_va = 0x7ff900a42fff monitored = 0 entry_point = 0x7ff900a14b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 3508 start_va = 0x7ff900270000 end_va = 0x7ff9002a9fff monitored = 0 entry_point = 0x7ff900278d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 3509 start_va = 0x7ff9000c0000 end_va = 0x7ff9000d6fff monitored = 0 entry_point = 0x7ff9000c79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3510 start_va = 0x7ff8f7760000 end_va = 0x7ff8f7777fff monitored = 0 entry_point = 0x7ff8f776b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 3511 start_va = 0x7ff8f9120000 end_va = 0x7ff8f912efff monitored = 0 entry_point = 0x7ff8f9124ec0 region_type = mapped_file name = "iri.dll" filename = "\\Windows\\System32\\iri.dll" (normalized: "c:\\windows\\system32\\iri.dll") Region: id = 3512 start_va = 0x1f30000 end_va = 0x2072fff monitored = 0 entry_point = 0x1f58210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3513 start_va = 0x7ff8e79e0000 end_va = 0x7ff8e7a69fff monitored = 0 entry_point = 0x7ff8e7a37430 region_type = mapped_file name = "storeagent.dll" filename = "\\Windows\\System32\\StoreAgent.dll" (normalized: "c:\\windows\\system32\\storeagent.dll") Region: id = 3514 start_va = 0x7ff8eef10000 end_va = 0x7ff8eef39fff monitored = 0 entry_point = 0x7ff8eef28b70 region_type = mapped_file name = "vestoreeventhandlers.dll" filename = "\\Windows\\System32\\VEStoreEventHandlers.dll" (normalized: "c:\\windows\\system32\\vestoreeventhandlers.dll") Region: id = 3515 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 3516 start_va = 0x7ff8fde10000 end_va = 0x7ff8fe2a2fff monitored = 0 entry_point = 0x7ff8fde1f760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 3517 start_va = 0x7ff900b10000 end_va = 0x7ff901153fff monitored = 0 entry_point = 0x7ff900cd64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 3518 start_va = 0x7ff901ba0000 end_va = 0x7ff901c46fff monitored = 0 entry_point = 0x7ff901bb58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3519 start_va = 0x7ff903e40000 end_va = 0x7ff903e91fff monitored = 0 entry_point = 0x7ff903e4f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 3520 start_va = 0x7ff900740000 end_va = 0x7ff90078afff monitored = 0 entry_point = 0x7ff9007435f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 3521 start_va = 0x7ff900790000 end_va = 0x7ff9007a3fff monitored = 0 entry_point = 0x7ff9007952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 3522 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 3523 start_va = 0x1f30000 end_va = 0x2266fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3549 start_va = 0x7b0000 end_va = 0x7b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Thread: id = 468 os_tid = 0x830 Thread: id = 469 os_tid = 0xb7c Thread: id = 470 os_tid = 0x2f0 Thread: id = 471 os_tid = 0xde8 Thread: id = 472 os_tid = 0x990 Thread: id = 473 os_tid = 0x1124